ID

VAR-201806-1043


CVE

CVE-2018-0362


TITLE

Cisco 5000 Series Enterprise Network Compute System and Unified Computing E-Series Server Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006586

DESCRIPTION

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260. The vendor has confirmed this vulnerability and released it as Bug ID CSCvh83260. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). UCS E-Series Servers are data center-class blade server devices.

Trust: 2.25

sources: NVD: CVE-2018-0362 // JVNDB: JVNDB-2018-006586 // CNVD: CNVD-2018-14575 // VULHUB: VHN-118564

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14575

AFFECTED PRODUCTS

vendor: cisco // model: ucs-e160dp-m1 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e160d-k9 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e140s-m1 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e140s-k9 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e140dp-m1 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e140d-k9 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e160d-m1 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e160dp-k9 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e140dp-k9 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e140d-m1 // scope: eq // version: 3.2(3)

Trust: 1.6

vendor: cisco // model: ucs-e1120d-m3 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e160s-m3 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e140s-m2 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: 5100 enterprise network compute system // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e1120d-k9 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e180d-k9 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: 5400 enterprise network compute system // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e160s-k9 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e180d-m3 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e180d-m2 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: ucs-e160d-m2 // scope: eq // version: 3.2(3)

Trust: 1.0

vendor: cisco // model: 5000 enterprise network compute system // scope: - // version: -

Trust: 0.8

vendor: cisco // model: 5100 enterprise network compute system // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e1120d-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e1120d-m3 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140d-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140d-m1 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140dp-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140dp-m1 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140s-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140s-m1 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e140s-m2 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160d-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160d-m1 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160d-m2 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160dp-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160dp-m1 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160s-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e160s-m3 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e180d-k9 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e180d-m2 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs-e180d-m3 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: series enterprise network compute system // scope: eq // version: 50000

Trust: 0.6

vendor: cisco // model: unified computing e-series servers // scope: - // version: -

Trust: 0.6

sources: CNVD: CNVD-2018-14575 // JVNDB: JVNDB-2018-006586 // CNNVD: CNNVD-201806-1115 // NVD: CVE-2018-0362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0362
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0362
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-14575
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-1115
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118564
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0362
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14575
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118564
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0362
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.9
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-14575 // VULHUB: VHN-118564 // JVNDB: JVNDB-2018-006586 // CNNVD: CNNVD-201806-1115 // NVD: CVE-2018-0362

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-118564 // JVNDB: JVNDB-2018-006586 // NVD: CVE-2018-0362

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-1115

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201806-1115

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006586

PATCH

title: cisco-sa-20180620-encs-ucs-bios-auth-bypass // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-encs-ucs-bios-auth-bypass

Trust: 0.8

title: Cisco 5000 Series Enterprise Network Compute System and UCS E-Series Servers authentication bypass vulnerability patches // url: https://www.cnvd.org.cn/patchInfo/show/136329

Trust: 0.6

title: Cisco 5000 Series Enterprise Network Compute System and UCS E-Series Servers Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81447

Trust: 0.6

sources: CNVD: CNVD-2018-14575 // JVNDB: JVNDB-2018-006586 // CNNVD: CNNVD-201806-1115

EXTERNAL IDS

db: NVD // id: CVE-2018-0362

Trust: 3.1

db: SECTRACK // id: 1041173

Trust: 1.7

db: JVNDB // id: JVNDB-2018-006586

Trust: 0.8

db: CNNVD // id: CNNVD-201806-1115

Trust: 0.7

db: CNVD // id: CNVD-2018-14575

Trust: 0.6

db: VULHUB // id: VHN-118564

Trust: 0.1

sources: CNVD: CNVD-2018-14575 // VULHUB: VHN-118564 // JVNDB: JVNDB-2018-006586 // CNNVD: CNNVD-201806-1115 // NVD: CVE-2018-0362

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-encs-ucs-bios-auth-bypass

Trust: 1.7

url:http://www.securitytracker.com/id/1041173

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0362

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0362

Trust: 0.8

url:https://bst.cloudapps.cisco.com/bugsearch/bug/cscvh83260

Trust: 0.6

sources: CNVD: CNVD-2018-14575 // VULHUB: VHN-118564 // JVNDB: JVNDB-2018-006586 // CNNVD: CNNVD-201806-1115 // NVD: CVE-2018-0362

SOURCES

db: CNVD // id: CNVD-2018-14575
db: VULHUB // id: VHN-118564
db: JVNDB // id: JVNDB-2018-006586
db: CNNVD // id: CNNVD-201806-1115
db: NVD // id: CVE-2018-0362

LAST UPDATE DATE

2024-11-23T23:12:06.974000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-14575 // date: 2018-08-03T00:00:00
db: VULHUB // id: VHN-118564 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2018-006586 // date: 2018-08-27T00:00:00
db: CNNVD // id: CNNVD-201806-1115 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0362 // date: 2024-11-21T03:38:03.917

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-14575 // date: 2018-08-03T00:00:00
db: VULHUB // id: VHN-118564 // date: 2018-06-21T00:00:00
db: JVNDB // id: JVNDB-2018-006586 // date: 2018-08-27T00:00:00
db: CNNVD // id: CNNVD-201806-1115 // date: 2018-06-22T00:00:00
db: NVD // id: CVE-2018-0362 // date: 2018-06-21T11:29:00.977