ID

VAR-201805-0515


CVE

CVE-2018-0278


TITLE

Information disclosure vulnerability in Cisco Firepower System Software

Trust: 0.8

sources: JVNDB: JVNDB-2018-004606

DESCRIPTION

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. The vendor has published this vulnerability as Bug ID CSCvh68311. Information may be obtained. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Management Console is one of the management console programs.

Trust: 2.07

sources: NVD: CVE-2018-0278 // JVNDB: JVNDB-2018-004606 // BID: 104122 // VULHUB: VHN-118480 // VULMON: CVE-2018-0278

AFFECTED PRODUCTS

vendor: cisco // model: secure firewall management center // scope: eq // version: 6.2.1

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 6.1.0

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 6.2.0

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 6.2.2

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 6.2.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: - // version: -

Trust: 0.8

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.1

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3

Trust: 0.6

vendor: cisco // model: firepower system software // scope: eq // version: 0

Trust: 0.3

sources: BID: 104122 // JVNDB: JVNDB-2018-004606 // CNNVD: CNNVD-201805-079 // NVD: CVE-2018-0278

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0278
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0278
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-079
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118480
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0278
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0278
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118480
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0278
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-0278
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118480 // VULMON: CVE-2018-0278 // JVNDB: JVNDB-2018-004606 // CNNVD: CNNVD-201805-079 // NVD: CVE-2018-0278

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

problemtype: CWE-863

Trust: 1.1

sources: VULHUB: VHN-118480 // JVNDB: JVNDB-2018-004606 // NVD: CVE-2018-0278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-079

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-079

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004606

PATCH

title: cisco-sa-20180502-fpwr-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos

Trust: 0.8

title: Cisco: Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180502-fpwr-dos

Trust: 0.1

title: dora // url: https://github.com/s-index/dora

Trust: 0.1

sources: VULMON: CVE-2018-0278 // JVNDB: JVNDB-2018-004606

EXTERNAL IDS

db: NVD // id: CVE-2018-0278

Trust: 2.9

db: BID // id: 104122

Trust: 2.1

db: JVNDB // id: JVNDB-2018-004606

Trust: 0.8

db: CNNVD // id: CNNVD-201805-079

Trust: 0.6

db: VULHUB // id: VHN-118480

Trust: 0.1

db: VULMON // id: CVE-2018-0278

Trust: 0.1

sources: VULHUB: VHN-118480 // VULMON: CVE-2018-0278 // BID: 104122 // JVNDB: JVNDB-2018-004606 // CNNVD: CNNVD-201805-079 // NVD: CVE-2018-0278

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-fpwr-dos

Trust: 2.2

url: http://www.securityfocus.com/bid/104122

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0278

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0278

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-118480 // VULMON: CVE-2018-0278 // BID: 104122 // JVNDB: JVNDB-2018-004606 // CNNVD: CNNVD-201805-079 // NVD: CVE-2018-0278

CREDITS

Cisco.

Trust: 0.3

sources: BID: 104122

SOURCES

db: VULHUB // id: VHN-118480
db: VULMON // id: CVE-2018-0278
db: BID // id: 104122
db: JVNDB // id: JVNDB-2018-004606
db: CNNVD // id: CNNVD-201805-079
db: NVD // id: CVE-2018-0278

LAST UPDATE DATE

2024-11-27T22:43:49.922000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118480 // date: 2020-09-04T00:00:00
db: VULMON // id: CVE-2018-0278 // date: 2020-09-04T00:00:00
db: BID // id: 104122 // date: 2018-05-02T00:00:00
db: JVNDB // id: JVNDB-2018-004606 // date: 2018-06-25T00:00:00
db: CNNVD // id: CNNVD-201805-079 // date: 2020-09-07T00:00:00
db: NVD // id: CVE-2018-0278 // date: 2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118480 // date: 2018-05-02T00:00:00
db: VULMON // id: CVE-2018-0278 // date: 2018-05-02T00:00:00
db: BID // id: 104122 // date: 2018-05-02T00:00:00
db: JVNDB // id: JVNDB-2018-004606 // date: 2018-06-25T00:00:00
db: CNNVD // id: CNNVD-201805-079 // date: 2018-05-02T00:00:00
db: NVD // id: CVE-2018-0278 // date: 2018-05-02T22:29:00.967