Sign-up

ID

VAR-201806-1036


CVE

CVE-2018-0353


TITLE

Cisco Web Security Appliance Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-006118

DESCRIPTION

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875. Vendors have confirmed this vulnerability Bug ID CSCvg78875 It is released as.Information may be obtained. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS is an operating system that runs on it

Trust: 1.98

sources: NVD: CVE-2018-0353 // JVNDB: JVNDB-2018-006118 // BID: 104417 // VULHUB: VHN-118555

AFFECTED PRODUCTS

vendor:ciscomodel:web security appliancescope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:web security appliancescope:eqversion:10.5.1-296

Trust: 1.6

vendor:ciscomodel:web security appliancescope:eqversion:10.5.2

Trust: 1.6

vendor:ciscomodel:web security appliancescope:eqversion:10.5.1

Trust: 1.6

vendor:ciscomodel:web security appliancescope:eqversion:11.5.0-fcs-442

Trust: 1.6

vendor:ciscomodel:web security the appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:web security appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:asyncosscope:eqversion:11.0

Trust: 0.3

vendor:ciscomodel:asyncos 11.5.0-fcs-442scope: - version: -

Trust: 0.3

vendor:ciscomodel:asyncosscope:eqversion:10.5.2

Trust: 0.3

vendor:ciscomodel:asyncosscope:eqversion:10.5.1-296

Trust: 0.3

vendor:ciscomodel:asyncosscope:eqversion:10.5.1

Trust: 0.3

vendor:ciscomodel:asyncosscope:neversion:11.5.0-614

Trust: 0.3

vendor:ciscomodel:asyncosscope:neversion:10.5.2-061

Trust: 0.3

sources: BID: 104417 // JVNDB: JVNDB-2018-006118 // CNNVD: CNNVD-201806-392 // NVD: CVE-2018-0353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0353
value: HIGH

Trust: 1.0

NVD: CVE-2018-0353
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-392
value: HIGH

Trust: 0.6

VULHUB: VHN-118555
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0353
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118555
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0353
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118555 // JVNDB: JVNDB-2018-006118 // CNNVD: CNNVD-201806-392 // NVD: CVE-2018-0353

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118555 // JVNDB: JVNDB-2018-006118 // NVD: CVE-2018-0353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-392

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-392

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006118

PATCH
title:cisco-sa-20180606-wsaurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa
Trust: 0.8
title:Cisco Web Security Appliance AsyncOS Fixing measures for security feature vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80739
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006118 // 
            
            
            
            CNNVD: CNNVD-201806-392

EXTERNAL IDS
db:NVDid:CVE-2018-0353
Trust: 2.8
db:BIDid:104417
Trust: 2.0
db:SECTRACKid:1041081
Trust: 1.7
db:JVNDBid:JVNDB-2018-006118
Trust: 0.8
db:CNNVDid:CNNVD-201806-392
Trust: 0.7
db:VULHUBid:VHN-118555
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118555 // 
            
            
            
            BID: 104417 // 
            
            
            
            JVNDB: JVNDB-2018-006118 // 
            
            
            
            CNNVD: CNNVD-201806-392 // 
            
            
            
            NVD: CVE-2018-0353

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-wsa
Trust: 2.0
url:http://www.securityfocus.com/bid/104417
Trust: 1.7
url:http://www.securitytracker.com/id/1041081
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0353
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0353
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118555 // 
            
            
            
            BID: 104417 // 
            
            
            
            JVNDB: JVNDB-2018-006118 // 
            
            
            
            CNNVD: CNNVD-201806-392 // 
            
            
            
            NVD: CVE-2018-0353

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104417

SOURCES
db:VULHUBid:VHN-118555
db:BIDid:104417
db:JVNDBid:JVNDB-2018-006118
db:CNNVDid:CNNVD-201806-392
db:NVDid:CVE-2018-0353

LAST UPDATE DATE
2024-11-23T21:53:05.342000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118555date:2019-10-09T00:00:00
db:BIDid:104417date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006118date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-392date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0353date:2024-11-21T03:38:02.680

SOURCES RELEASE DATE
db:VULHUBid:VHN-118555date:2018-06-07T00:00:00
db:BIDid:104417date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006118date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-392date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0353date:2018-06-07T12:29:00.777