Details of VAR-201803-1602

ID

VAR-201803-1602

CVE

CVE-2018-0224

TITLE

Cisco StarOS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002595

DESCRIPTION

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807. Cisco StarOS Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg38807 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The StarOS operating system is a virtualized operating system running on it. CLI is one of those command line interfaces

Trust: 1.98

sources: NVD: CVE-2018-0224 // JVNDB: JVNDB-2018-002595 // BID: 103344 // VULHUB: VHN-118426

AFFECTED PRODUCTS

vendor:	cisco	model:	staros	scope:	eq	version:	21.3.0.67664	Trust: 1.6
vendor:	cisco	model:	staros	scope:	eq	version:	21.5.0	Trust: 1.6
vendor:	cisco	model:	staros	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	staros	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.5	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.3.0.67664	Trust: 0.3

sources: BID: 103344 // JVNDB: JVNDB-2018-002595 // CNNVD: CNNVD-201803-244 // NVD: CVE-2018-0224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0224
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0224
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201803-244
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118426
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0224
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118426
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0224
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0224
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118426 // JVNDB: JVNDB-2018-002595 // CNNVD: CNNVD-201803-244 // NVD: CVE-2018-0224

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.9
problemtype:	CWE-78	Trust: 1.1
problemtype:	CWE-20	Trust: 0.1

sources: VULHUB: VHN-118426 // JVNDB: JVNDB-2018-002595 // NVD: CVE-2018-0224

THREAT TYPE

local

Trust: 0.9

sources: BID: 103344 // CNNVD: CNNVD-201803-244

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002595

PATCH

title:

cisco-sa-20180307-staros1

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1

Trust: 0.8

sources: JVNDB: JVNDB-2018-002595

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0224	Trust: 2.8
db:	BID	id:	103344	Trust: 2.0
db:	SECTRACK	id:	1040466	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002595	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-244	Trust: 0.6
db:	VULHUB	id:	VHN-118426	Trust: 0.1

sources: VULHUB: VHN-118426 // BID: 103344 // JVNDB: JVNDB-2018-002595 // CNNVD: CNNVD-201803-244 // NVD: CVE-2018-0224

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-staros1	Trust: 2.0
url:	http://www.securityfocus.com/bid/103344	Trust: 1.7
url:	http://www.securitytracker.com/id/1040466	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0224	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0224	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118426 // BID: 103344 // JVNDB: JVNDB-2018-002595 // CNNVD: CNNVD-201803-244 // NVD: CVE-2018-0224

CREDITS

Cisco

Trust: 0.3

sources: BID: 103344

SOURCES

db:	VULHUB	id:	VHN-118426
db:	BID	id:	103344
db:	JVNDB	id:	JVNDB-2018-002595
db:	CNNVD	id:	CNNVD-201803-244
db:	NVD	id:	CVE-2018-0224

LAST UPDATE DATE

2024-11-23T22:38:15.005000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118426	date:	2020-09-04T00:00:00
db:	BID	id:	103344	date:	2018-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002595	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-244	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0224	date:	2024-11-21T03:37:46.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118426	date:	2018-03-08T00:00:00
db:	BID	id:	103344	date:	2018-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002595	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-244	date:	2018-03-09T00:00:00
db:	NVD	id:	CVE-2018-0224	date:	2018-03-08T07:29:01.283