Details of VAR-201804-1020

ID

VAR-201804-1020

CVE

CVE-2018-0275

TITLE

Cisco Identity Services Engine Vulnerabilities in environment settings

Trust: 0.8

sources: JVNDB: JVNDB-2018-004237

DESCRIPTION

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409. Vendors have confirmed this vulnerability Bug ID CSCvf54409 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2018-0275 // JVNDB: JVNDB-2018-004237 // BID: 104492 // VULHUB: VHN-118477

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine	scope:	lt	version:	2.2\(0.470\)	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	lt	version:	2.2.0.470	Trust: 0.8
vendor:	cisco	model:	identity services engine	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.18	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.17	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.16	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.15	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.14	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.13	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.29	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.28	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.27	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.26	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.25	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.24	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.23	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.22	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.217	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.216	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.215	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.214	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.213	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.212	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.211	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.210	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.21	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.35	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.34	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.33	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.32	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.31	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3(120.135)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3(106.146)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3(0.876)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3(0.722)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.12	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.11	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.0.8997	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.0.89914	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2(1.901)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2(1.198)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2(0.793)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2(0.747)	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.47	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.46	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.45	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.44	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.43	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.42	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.41	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.37	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.36	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.35	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.34	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.33	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.32	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.31	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.29	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.28	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.27	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.26	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.25	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.24	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.23	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.22	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.21	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.16	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.15	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.14	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.1.11	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	identity services engine software	scope:	ne	version:	2.2.0.470	Trust: 0.3

sources: BID: 104492 // JVNDB: JVNDB-2018-004237 // CNNVD: CNNVD-201804-1085 // NVD: CVE-2018-0275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0275
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0275
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-1085
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118477
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0275
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118477
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0275
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118477 // JVNDB: JVNDB-2018-004237 // CNNVD: CNNVD-201804-1085 // NVD: CVE-2018-0275

PROBLEMTYPE DATA

problemtype:	CWE-16	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118477 // JVNDB: JVNDB-2018-004237 // NVD: CVE-2018-0275

THREAT TYPE

local

Trust: 0.9

sources: BID: 104492 // CNNVD: CNNVD-201804-1085

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1085

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004237

PATCH

title:	cisco-sa-20180418-ise	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise	Trust: 0.8
title:	Cisco Identity Services Engine Fixes for configuration error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81381	Trust: 0.6

sources: JVNDB: JVNDB-2018-004237 // CNNVD: CNNVD-201804-1085

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0275	Trust: 2.8
db:	SECTRACK	id:	1040717	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004237	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1085	Trust: 0.6
db:	BID	id:	104492	Trust: 0.4
db:	VULHUB	id:	VHN-118477	Trust: 0.1

sources: VULHUB: VHN-118477 // BID: 104492 // JVNDB: JVNDB-2018-004237 // CNNVD: CNNVD-201804-1085 // NVD: CVE-2018-0275

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-ise	Trust: 2.0
url:	http://www.securitytracker.com/id/1040717	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0275	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0275	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118477 // BID: 104492 // JVNDB: JVNDB-2018-004237 // CNNVD: CNNVD-201804-1085 // NVD: CVE-2018-0275

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104492

SOURCES

db:	VULHUB	id:	VHN-118477
db:	BID	id:	104492
db:	JVNDB	id:	JVNDB-2018-004237
db:	CNNVD	id:	CNNVD-201804-1085
db:	NVD	id:	CVE-2018-0275

LAST UPDATE DATE

2024-11-23T22:41:52.114000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118477	date:	2019-10-09T00:00:00
db:	BID	id:	104492	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004237	date:	2018-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201804-1085	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0275	date:	2024-11-21T03:37:52.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118477	date:	2018-04-19T00:00:00
db:	BID	id:	104492	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004237	date:	2018-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201804-1085	date:	2018-04-19T00:00:00
db:	NVD	id:	CVE-2018-0275	date:	2018-04-19T20:29:01.783