ID

VAR-201806-1018


CVE

CVE-2018-0338


TITLE

Cisco Unified Computing System Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006094

DESCRIPTION

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994. The vendor has released this vulnerability as Bug ID CSCvf52994. Information may be obtained or altered, and service operation may be disrupted (DoS). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology.

Trust: 1.98

sources: NVD: CVE-2018-0338 // JVNDB: JVNDB-2018-006094 // BID: 104456 // VULHUB: VHN-118540

AFFECTED PRODUCTS

vendor: cisco // model: unified computing system // scope: eq // version: 9.9(0.902)

Trust: 1.6

vendor: cisco // model: unified computing system // scope: eq // version: 9.1(1.13)

Trust: 1.6

vendor: cisco // model: unified computing system // scope: eq // version: 9.0(100.20)b

Trust: 1.6

vendor: cisco // model: unified computing system // scope: eq // version: 5.5(203)

Trust: 1.6

vendor: cisco // model: unified computing system // scope: eq // version: 7.0(0)bz(0.46)

Trust: 1.6

vendor: cisco // model: unified computing system software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: unified computing system // scope: eq // version: 0

Trust: 0.3

sources: BID: 104456 // JVNDB: JVNDB-2018-006094 // CNNVD: CNNVD-201806-367 // NVD: CVE-2018-0338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0338
value: HIGH

Trust: 1.0

NVD: CVE-2018-0338
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-367
value: HIGH

Trust: 0.6

VULHUB: VHN-118540
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0338
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118540
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0338
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0338
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118540 // JVNDB: JVNDB-2018-006094 // CNNVD: CNNVD-201806-367 // NVD: CVE-2018-0338

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-863

Trust: 1.1

sources: VULHUB: VHN-118540 // JVNDB: JVNDB-2018-006094 // NVD: CVE-2018-0338

THREAT TYPE

local

Trust: 0.9

sources: BID: 104456 // CNNVD: CNNVD-201806-367

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104456 // CNNVD: CNNVD-201806-367

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006094

PATCH

title: cisco-sa-20180606-ucs-access // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access

Trust: 0.8

sources: JVNDB: JVNDB-2018-006094

EXTERNAL IDS

db: NVD // id: CVE-2018-0338

Trust: 2.8

db: BID // id: 104456

Trust: 2.0

db: SECTRACK // id: 1041071

Trust: 1.7

db: JVNDB // id: JVNDB-2018-006094

Trust: 0.8

db: CNNVD // id: CNNVD-201806-367

Trust: 0.7

db: VULHUB // id: VHN-118540

Trust: 0.1

sources: VULHUB: VHN-118540 // BID: 104456 // JVNDB: JVNDB-2018-006094 // CNNVD: CNNVD-201806-367 // NVD: CVE-2018-0338

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-ucs-access

Trust: 2.0

url:http://www.securityfocus.com/bid/104456

Trust: 1.7

url:http://www.securitytracker.com/id/1041071

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0338

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0338

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118540 // BID: 104456 // JVNDB: JVNDB-2018-006094 // CNNVD: CNNVD-201806-367 // NVD: CVE-2018-0338

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104456

SOURCES

db: VULHUB // id: VHN-118540
db: BID // id: 104456
db: JVNDB // id: JVNDB-2018-006094
db: CNNVD // id: CNNVD-201806-367
db: NVD // id: CVE-2018-0338

LAST UPDATE DATE

2024-11-23T23:05:05.617000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118540 // date: 2020-09-04T00:00:00
db: BID // id: 104456 // date: 2018-06-06T00:00:00
db: JVNDB // id: JVNDB-2018-006094 // date: 2018-08-07T00:00:00
db: CNNVD // id: CNNVD-201806-367 // date: 2020-09-07T00:00:00
db: NVD // id: CVE-2018-0338 // date: 2024-11-21T03:38:00.680

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118540 // date: 2018-06-07T00:00:00
db: BID // id: 104456 // date: 2018-06-06T00:00:00
db: JVNDB // id: JVNDB-2018-006094 // date: 2018-08-07T00:00:00
db: CNNVD // id: CNNVD-201806-367 // date: 2018-06-08T00:00:00
db: NVD // id: CVE-2018-0338 // date: 2018-06-07T21:29:00.637