ID

VAR-201803-1595


CVE

CVE-2018-0216


TITLE

Cisco Identity Services Engine Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2018-002594

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvf69805. The vendor has confirmed this vulnerability and released it as Bug ID CSCvf69805. Information may be obtained and information may be altered. Other attacks are also possible. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2018-0216 // JVNDB: JVNDB-2018-002594 // BID: 103336 // VULHUB: VHN-118418

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 2.2(0.471)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.3(0.298)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.1(0.476)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.0(0.249)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine, scope: eq, version: 0

Trust: 0.3

sources: BID: 103336 // JVNDB: JVNDB-2018-002594 // CNNVD: CNNVD-201803-251 // NVD: CVE-2018-0216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0216
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0216
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-251
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118418
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0216
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118418
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0216
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118418 // JVNDB: JVNDB-2018-002594 // CNNVD: CNNVD-201803-251 // NVD: CVE-2018-0216

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-118418 // JVNDB: JVNDB-2018-002594 // NVD: CVE-2018-0216

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-251

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201803-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002594

PATCH

title: cisco-sa-20180307-ise5, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise5

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78985

Trust: 0.6

sources: JVNDB: JVNDB-2018-002594 // CNNVD: CNNVD-201803-251

EXTERNAL IDS

db: NVD, id: CVE-2018-0216

Trust: 2.8

db: BID, id: 103336

Trust: 2.0

db: SECTRACK, id: 1040471

Trust: 1.7

db: JVNDB, id: JVNDB-2018-002594

Trust: 0.8

db: CNNVD, id: CNNVD-201803-251

Trust: 0.6

db: VULHUB, id: VHN-118418

Trust: 0.1

sources: VULHUB: VHN-118418 // BID: 103336 // JVNDB: JVNDB-2018-002594 // CNNVD: CNNVD-201803-251 // NVD: CVE-2018-0216

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-ise5

Trust: 2.0

url: http://www.securityfocus.com/bid/103336

Trust: 1.7

url: http://www.securitytracker.com/id/1040471

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0216

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0216

Trust: 0.8

url: http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-118418 // BID: 103336 // JVNDB: JVNDB-2018-002594 // CNNVD: CNNVD-201803-251 // NVD: CVE-2018-0216

CREDITS

Cisco

Trust: 0.3

sources: BID: 103336

SOURCES

db: VULHUB, id: VHN-118418
db: BID, id: 103336
db: JVNDB, id: JVNDB-2018-002594
db: CNNVD, id: CNNVD-201803-251
db: NVD, id: CVE-2018-0216

LAST UPDATE DATE

2024-11-23T22:00:39.500000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118418, date: 2019-10-09T00:00:00
db: BID, id: 103336, date: 2018-03-07T00:00:00
db: JVNDB, id: JVNDB-2018-002594, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-251, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0216, date: 2024-11-21T03:37:45.153

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118418, date: 2018-03-08T00:00:00
db: BID, id: 103336, date: 2018-03-07T00:00:00
db: JVNDB, id: JVNDB-2018-002594, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-251, date: 2018-03-09T00:00:00
db: NVD, id: CVE-2018-0216, date: 2018-03-08T07:29:00.910