Sign-up

ID

VAR-201804-1007


CVE

CVE-2018-0267


TITLE

Cisco Unified Communications Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-004271

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116. Vendors have confirmed this vulnerability Bug ID CSCvf22116 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2018-0267 // JVNDB: JVNDB-2018-004271 // BID: 103937 // VULHUB: VHN-118469

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:12.0\(1.10000.10\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.0\(1.10000.10\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(2.10000.5\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.10000.6\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:12.0(1.10000.10)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:11.5(1.10000.6)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:11.0(1.10000.10)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(2.10000.5)

Trust: 0.3

sources: BID: 103937 // JVNDB: JVNDB-2018-004271 // CNNVD: CNNVD-201804-1089 // NVD: CVE-2018-0267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0267
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0267
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-1089
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118469
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0267
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118469
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0267
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2018-0267
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118469 // JVNDB: JVNDB-2018-004271 // CNNVD: CNNVD-201804-1089 // NVD: CVE-2018-0267

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-425

Trust: 1.1

sources: VULHUB: VHN-118469 // JVNDB: JVNDB-2018-004271 // NVD: CVE-2018-0267

THREAT TYPE

local

Trust: 0.9

sources: BID: 103937 // CNNVD: CNNVD-201804-1089

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1089

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004271

PATCH
title:cisco-sa-20180418-ucm1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1
Trust: 0.8
title:Cisco Unified Communications Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81385
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004271 // 
            
            
            
            CNNVD: CNNVD-201804-1089

EXTERNAL IDS
db:NVDid:CVE-2018-0267
Trust: 2.8
db:BIDid:103937
Trust: 2.0
db:SECTRACKid:1040719
Trust: 1.7
db:JVNDBid:JVNDB-2018-004271
Trust: 0.8
db:CNNVDid:CNNVD-201804-1089
Trust: 0.6
db:VULHUBid:VHN-118469
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118469 // 
            
            
            
            BID: 103937 // 
            
            
            
            JVNDB: JVNDB-2018-004271 // 
            
            
            
            CNNVD: CNNVD-201804-1089 // 
            
            
            
            NVD: CVE-2018-0267

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-ucm1
Trust: 2.0
url:http://www.securityfocus.com/bid/103937
Trust: 1.7
url:http://www.securitytracker.com/id/1040719
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0267
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0267
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118469 // 
            
            
            
            BID: 103937 // 
            
            
            
            JVNDB: JVNDB-2018-004271 // 
            
            
            
            CNNVD: CNNVD-201804-1089 // 
            
            
            
            NVD: CVE-2018-0267

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 103937

SOURCES
db:VULHUBid:VHN-118469
db:BIDid:103937
db:JVNDBid:JVNDB-2018-004271
db:CNNVDid:CNNVD-201804-1089
db:NVDid:CVE-2018-0267

LAST UPDATE DATE
2024-11-23T22:17:35.575000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118469date:2020-09-04T00:00:00
db:BIDid:103937date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004271date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201804-1089date:2020-10-22T00:00:00
db:NVDid:CVE-2018-0267date:2024-11-21T03:37:50.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-118469date:2018-04-19T00:00:00
db:BIDid:103937date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004271date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201804-1089date:2018-04-19T00:00:00
db:NVDid:CVE-2018-0267date:2018-04-19T20:29:01.533