ID

VAR-201804-1006


CVE

CVE-2018-0266


TITLE

Cisco Unified Communications Manager vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-004417

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218. The vendor has released this vulnerability as Bug ID CSCvf20218. Information may be obtained. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2018-0266 // JVNDB: JVNDB-2018-004417 // BID: 103933 // VULHUB: VHN-118468

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0\(1.10000.10\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0\(1.10000.10\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5\(2.10000.5\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5\(1.10000.6\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0(1.10000.10)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0(1.10000.10)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 0.3

sources: BID: 103933 // JVNDB: JVNDB-2018-004417 // CNNVD: CNNVD-201804-1090 // NVD: CVE-2018-0266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0266
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0266
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-1090
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118468
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0266
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118468
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0266
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0266
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118468 // JVNDB: JVNDB-2018-004417 // CNNVD: CNNVD-201804-1090 // NVD: CVE-2018-0266

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-425

Trust: 1.1

sources: VULHUB: VHN-118468 // JVNDB: JVNDB-2018-004417 // NVD: CVE-2018-0266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1090

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1090

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004417

PATCH

title: cisco-sa-20180418-ucm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm

Trust: 0.8

title: Cisco Unified Communications Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81386

Trust: 0.6

sources: JVNDB: JVNDB-2018-004417 // CNNVD: CNNVD-201804-1090

EXTERNAL IDS

db: NVD, id: CVE-2018-0266

Trust: 2.8

db: BID, id: 103933

Trust: 2.0

db: SECTRACK, id: 1040718

Trust: 1.7

db: JVNDB, id: JVNDB-2018-004417

Trust: 0.8

db: CNNVD, id: CNNVD-201804-1090

Trust: 0.6

db: VULHUB, id: VHN-118468

Trust: 0.1

sources: VULHUB: VHN-118468 // BID: 103933 // JVNDB: JVNDB-2018-004417 // CNNVD: CNNVD-201804-1090 // NVD: CVE-2018-0266

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-ucm

Trust: 2.0

url:http://www.securityfocus.com/bid/103933

Trust: 1.7

url:http://www.securitytracker.com/id/1040718

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0266

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0266

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-118468 // BID: 103933 // JVNDB: JVNDB-2018-004417 // CNNVD: CNNVD-201804-1090 // NVD: CVE-2018-0266

CREDITS

Cisco

Trust: 0.3

sources: BID: 103933

SOURCES

db: VULHUB, id: VHN-118468
db: BID, id: 103933
db: JVNDB, id: JVNDB-2018-004417
db: CNNVD, id: CNNVD-201804-1090
db: NVD, id: CVE-2018-0266

LAST UPDATE DATE

2024-11-23T22:52:09.778000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118468, date: 2020-09-04T00:00:00
db: BID, id: 103933, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004417, date: 2018-06-20T00:00:00
db: CNNVD, id: CNNVD-201804-1090, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2018-0266, date: 2024-11-21T03:37:50.693

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118468, date: 2018-04-19T00:00:00
db: BID, id: 103933, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004417, date: 2018-06-20T00:00:00
db: CNNVD, id: CNNVD-201804-1090, date: 2018-04-19T00:00:00
db: NVD, id: CVE-2018-0266, date: 2018-04-19T20:29:01.487