Sign-up

ID

VAR-201803-1612


CVE

CVE-2018-0196


TITLE

Cisco IOS XE Software Input Validation Vulnerability

Trust: 1.4

sources: CNVD: CNVD-2018-08477 // JVNDB: JVNDB-2018-002762

DESCRIPTION

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645. Vendors have confirmed this vulnerability Bug ID CSCvb22645 It is released as.Information may be tampered with. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-0196 // JVNDB: JVNDB-2018-002762 // CNVD: CNVD-2018-08477 // BID: 103570 // VULHUB: VHN-118398

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08477

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.2.0

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.3\(1\)

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.1.2

Trust: 1.6

vendor:ciscomodel:ios xescope: - version: -

Trust: 1.4

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-08477 // BID: 103570 // JVNDB: JVNDB-2018-002762 // CNNVD: CNNVD-201803-1003 // NVD: CVE-2018-0196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0196
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0196
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08477
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1003
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0196
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08477
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118398
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0196
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-0196
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-08477 // VULHUB: VHN-118398 // JVNDB: JVNDB-2018-002762 // CNNVD: CNNVD-201803-1003 // NVD: CVE-2018-0196

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-118398 // JVNDB: JVNDB-2018-002762 // NVD: CVE-2018-0196

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1003

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201803-1003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002762

PATCH
title:cisco-sa-20180328-wfwurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw
Trust: 0.8
title:Cisco IOSXESoftware Input Patch for Validation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/127463
Trust: 0.6
title:Cisco IOS XE Software Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79471
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08477 // 
            
            
            
            JVNDB: JVNDB-2018-002762 // 
            
            
            
            CNNVD: CNNVD-201803-1003

EXTERNAL IDS
db:NVDid:CVE-2018-0196
Trust: 3.4
db:BIDid:103570
Trust: 2.0
db:JVNDBid:JVNDB-2018-002762
Trust: 0.8
db:CNNVDid:CNNVD-201803-1003
Trust: 0.7
db:CNVDid:CNVD-2018-08477
Trust: 0.6
db:VULHUBid:VHN-118398
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08477 // 
            
            
            
            VULHUB: VHN-118398 // 
            
            
            
            BID: 103570 // 
            
            
            
            JVNDB: JVNDB-2018-002762 // 
            
            
            
            CNNVD: CNNVD-201803-1003 // 
            
            
            
            NVD: CVE-2018-0196

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-wfw
Trust: 2.0
url:http://www.securityfocus.com/bid/103570
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0196
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0196
Trust: 0.8
url:https://bst.cloudapps.cisco.com/bugsearch/bug/cscvb22645
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-08477 // 
            
            
            
            VULHUB: VHN-118398 // 
            
            
            
            BID: 103570 // 
            
            
            
            JVNDB: JVNDB-2018-002762 // 
            
            
            
            CNNVD: CNNVD-201803-1003 // 
            
            
            
            NVD: CVE-2018-0196

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 103570

SOURCES
db:CNVDid:CNVD-2018-08477
db:VULHUBid:VHN-118398
db:BIDid:103570
db:JVNDBid:JVNDB-2018-002762
db:CNNVDid:CNNVD-201803-1003
db:NVDid:CVE-2018-0196

LAST UPDATE DATE
2024-11-23T22:52:11.312000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08477date:2018-04-26T00:00:00
db:VULHUBid:VHN-118398date:2020-10-22T00:00:00
db:BIDid:103570date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-002762date:2018-04-27T00:00:00
db:CNNVDid:CNNVD-201803-1003date:2020-10-23T00:00:00
db:NVDid:CVE-2018-0196date:2024-11-21T03:37:42.407

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08477date:2018-04-26T00:00:00
db:VULHUBid:VHN-118398date:2018-03-28T00:00:00
db:BIDid:103570date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-002762date:2018-04-27T00:00:00
db:CNNVDid:CNNVD-201803-1003date:2018-03-29T00:00:00
db:NVDid:CVE-2018-0196date:2018-03-28T22:29:02.217