Sign-up

ID

VAR-201805-0520


CVE

CVE-2018-0285


TITLE

Cisco Prime Service Catalog Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004905

DESCRIPTION

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. Vendors have confirmed this vulnerability Bug ID CSCvd39568 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources

Trust: 1.98

sources: NVD: CVE-2018-0285 // JVNDB: JVNDB-2018-004905 // BID: 104082 // VULHUB: VHN-118487

AFFECTED PRODUCTS

vendor:ciscomodel:prime service catalogscope:eqversion:11.1.2

Trust: 1.9

vendor:ciscomodel:prime service catalogscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime service catalogscope:eqversion:0

Trust: 0.3

sources: BID: 104082 // JVNDB: JVNDB-2018-004905 // CNNVD: CNNVD-201805-076 // NVD: CVE-2018-0285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0285
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0285
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-076
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118487
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0285
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118487
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0285
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118487 // JVNDB: JVNDB-2018-004905 // CNNVD: CNNVD-201805-076 // NVD: CVE-2018-0285

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-118487 // JVNDB: JVNDB-2018-004905 // NVD: CVE-2018-0285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-076

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201805-076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004905

PATCH
title:cisco-sa-20180502-pscurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc
Trust: 0.8
title:Cisco Prime Service Catalog Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79812
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004905 // 
            
            
            
            CNNVD: CNNVD-201805-076

EXTERNAL IDS
db:NVDid:CVE-2018-0285
Trust: 2.5
db:BIDid:104082
Trust: 2.0
db:SECTRACKid:1040826
Trust: 1.7
db:JVNDBid:JVNDB-2018-004905
Trust: 0.8
db:CNNVDid:CNNVD-201805-076
Trust: 0.6
db:VULHUBid:VHN-118487
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118487 // 
            
            
            
            BID: 104082 // 
            
            
            
            JVNDB: JVNDB-2018-004905 // 
            
            
            
            CNNVD: CNNVD-201805-076 // 
            
            
            
            NVD: CVE-2018-0285

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-psc
Trust: 2.0
url:http://www.securityfocus.com/bid/104082
Trust: 1.7
url:http://www.securitytracker.com/id/1040826
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0285
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0285
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118487 // 
            
            
            
            BID: 104082 // 
            
            
            
            JVNDB: JVNDB-2018-004905 // 
            
            
            
            CNNVD: CNNVD-201805-076 // 
            
            
            
            NVD: CVE-2018-0285

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104082

SOURCES
db:VULHUBid:VHN-118487
db:BIDid:104082
db:JVNDBid:JVNDB-2018-004905
db:CNNVDid:CNNVD-201805-076
db:NVDid:CVE-2018-0285

LAST UPDATE DATE
2024-11-23T22:55:53.259000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118487date:2019-10-09T00:00:00
db:BIDid:104082date:2018-05-04T00:00:00
db:JVNDBid:JVNDB-2018-004905date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-076date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0285date:2024-11-21T03:37:53.773

SOURCES RELEASE DATE
db:VULHUBid:VHN-118487date:2018-05-02T00:00:00
db:BIDid:104082date:2018-05-04T00:00:00
db:JVNDBid:JVNDB-2018-004905date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-076date:2018-05-03T00:00:00
db:NVDid:CVE-2018-0285date:2018-05-02T22:29:01.200