Sign-up

ID

VAR-201803-1603


CVE

CVE-2018-0183


TITLE

Cisco IOS XE Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003429

DESCRIPTION

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356. Cisco IOS XE The software contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCuv91356 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This may aid in further attacks. CLI parser is one of the command line command parsers. The vulnerability is caused by the fact that the program does not have correct filtering command parameters

Trust: 2.52

sources: NVD: CVE-2018-0183 // JVNDB: JVNDB-2018-003429 // CNVD: CNVD-2018-08475 // BID: 103555 // VULHUB: VHN-118385

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08475

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope: - version: -

Trust: 1.4

vendor:ciscomodel:ios xescope:ltversion:3.16.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.13.5as

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.16.2bs

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.13.2as

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.13.7as

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.13.0as

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.16.2as

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:16.3.6

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:16.6.3

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:3.13.9s

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:16.3.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.6s_base

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7e.0

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7.1s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7.2s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.6s.1

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7.5e

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7e_3.7.3e

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7.0s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.7e

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ios 15.3 sscope: - version: -

Trust: 0.3

vendor:ciscomodel:series integrated services routerscope:eqversion:44000

Trust: 0.3

sources: CNVD: CNVD-2018-08475 // BID: 103555 // JVNDB: JVNDB-2018-003429 // CNNVD: CNNVD-201803-1012 // NVD: CVE-2018-0183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0183
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0183
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08475
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1012
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118385
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0183
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08475
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118385
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0183
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08475 // VULHUB: VHN-118385 // JVNDB: JVNDB-2018-003429 // CNNVD: CNNVD-201803-1012 // NVD: CVE-2018-0183

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-118385 // JVNDB: JVNDB-2018-003429 // NVD: CVE-2018-0183

THREAT TYPE

local

Trust: 0.9

sources: BID: 103555 // CNNVD: CNNVD-201803-1012

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-1012

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003429

PATCH
title:cisco-sa-20180328-privesc3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3
Trust: 0.8
title:Patch for Cisco IOSXESoftware Local Privilege Escalation Vulnerability (CNVD-2018-08475)url:https://www.cnvd.org.cn/patchInfo/show/127475
Trust: 0.6
title:Cisco 4000 Series Integrated Services Router IOS XE Software CLI Fixes for resolver permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79480
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08475 // 
            
            
            
            JVNDB: JVNDB-2018-003429 // 
            
            
            
            CNNVD: CNNVD-201803-1012

EXTERNAL IDS
db:NVDid:CVE-2018-0183
Trust: 3.4
db:BIDid:103555
Trust: 2.0
db:JVNDBid:JVNDB-2018-003429
Trust: 0.8
db:CNNVDid:CNNVD-201803-1012
Trust: 0.7
db:CNVDid:CNVD-2018-08475
Trust: 0.6
db:VULHUBid:VHN-118385
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08475 // 
            
            
            
            VULHUB: VHN-118385 // 
            
            
            
            BID: 103555 // 
            
            
            
            JVNDB: JVNDB-2018-003429 // 
            
            
            
            CNNVD: CNNVD-201803-1012 // 
            
            
            
            NVD: CVE-2018-0183

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-privesc3
Trust: 2.0
url:http://www.securityfocus.com/bid/103555
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0183
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0183
Trust: 0.8
url:https://bst.cloudapps.cisco.com/bugsearch/bug/cscuv91356
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-08475 // 
            
            
            
            VULHUB: VHN-118385 // 
            
            
            
            BID: 103555 // 
            
            
            
            JVNDB: JVNDB-2018-003429 // 
            
            
            
            CNNVD: CNNVD-201803-1012 // 
            
            
            
            NVD: CVE-2018-0183

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 103555

SOURCES
db:CNVDid:CNVD-2018-08475
db:VULHUBid:VHN-118385
db:BIDid:103555
db:JVNDBid:JVNDB-2018-003429
db:CNNVDid:CNNVD-201803-1012
db:NVDid:CVE-2018-0183

LAST UPDATE DATE
2024-11-23T22:41:53.836000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08475date:2018-04-26T00:00:00
db:VULHUBid:VHN-118385date:2019-10-09T00:00:00
db:BIDid:103555date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003429date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-1012date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0183date:2024-11-21T03:37:41.013

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08475date:2018-04-26T00:00:00
db:VULHUBid:VHN-118385date:2018-03-28T00:00:00
db:BIDid:103555date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003429date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-1012date:2018-03-29T00:00:00
db:NVDid:CVE-2018-0183date:2018-03-28T22:29:01.703