Sign-up

ID

VAR-201807-0428


CVE

CVE-2018-0383


TITLE

Cisco FireSIGHT System Vulnerability related to failure of protection mechanism in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-008401

DESCRIPTION

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly handles FTP control connections. An attacker could exploit this vulnerability by sending a maliciously crafted FTP connection to transfer a file to an affected device. A successful exploit could allow the attacker to bypass a file policy that is configured to apply the Block upload with reset action to FTP traffic. Cisco Bug IDs: CSCvh70130. Cisco FireSIGHT System The software is vulnerable to a defect in the protection mechanism. Vendors have confirmed this vulnerability Bug ID CSCvh70130 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Cisco FireSIGHT System Software is a set of management center software of Cisco (Cisco), which supports centralized management of the network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services

Trust: 1.98

sources: NVD: CVE-2018-0383 // JVNDB: JVNDB-2018-008401 // BID: 104726 // VULHUB: VHN-118585

AFFECTED PRODUCTS

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.3.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.2.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 0.9

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2.1

Trust: 0.9

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0

Trust: 0.6

vendor:ciscomodel:firesight system softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:neversion:6.2.3.2

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:neversion:6.2.2.4

Trust: 0.3

sources: BID: 104726 // JVNDB: JVNDB-2018-008401 // CNNVD: CNNVD-201807-1217 // NVD: CVE-2018-0383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0383
value: HIGH

Trust: 1.0

NVD: CVE-2018-0383
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1217
value: HIGH

Trust: 0.6

VULHUB: VHN-118585
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0383
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118585
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0383
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118585 // JVNDB: JVNDB-2018-008401 // CNNVD: CNNVD-201807-1217 // NVD: CVE-2018-0383

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-118585 // JVNDB: JVNDB-2018-008401 // NVD: CVE-2018-0383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1217

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1217

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008401

PATCH
title:cisco-sa-20180711-firesight-file-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-file-bypass
Trust: 0.8
title:Cisco FireSIGHT System Software Fixing measures for detecting engine security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82161
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008401 // 
            
            
            
            CNNVD: CNNVD-201807-1217

EXTERNAL IDS
db:NVDid:CVE-2018-0383
Trust: 2.8
db:BIDid:104726
Trust: 2.0
db:SECTRACKid:1041283
Trust: 1.7
db:JVNDBid:JVNDB-2018-008401
Trust: 0.8
db:CNNVDid:CNNVD-201807-1217
Trust: 0.7
db:VULHUBid:VHN-118585
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118585 // 
            
            
            
            BID: 104726 // 
            
            
            
            JVNDB: JVNDB-2018-008401 // 
            
            
            
            CNNVD: CNNVD-201807-1217 // 
            
            
            
            NVD: CVE-2018-0383

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180711-firesight-file-bypass
Trust: 2.0
url:http://www.securityfocus.com/bid/104726
Trust: 1.7
url:http://www.securitytracker.com/id/1041283
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0383
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0383
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118585 // 
            
            
            
            BID: 104726 // 
            
            
            
            JVNDB: JVNDB-2018-008401 // 
            
            
            
            CNNVD: CNNVD-201807-1217 // 
            
            
            
            NVD: CVE-2018-0383

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104726

SOURCES
db:VULHUBid:VHN-118585
db:BIDid:104726
db:JVNDBid:JVNDB-2018-008401
db:CNNVDid:CNNVD-201807-1217
db:NVDid:CVE-2018-0383

LAST UPDATE DATE
2024-11-27T23:05:20.527000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118585date:2019-10-09T00:00:00
db:BIDid:104726date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-008401date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1217date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0383date:2024-11-26T16:09:02.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-118585date:2018-07-16T00:00:00
db:BIDid:104726date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-008401date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1217date:2018-07-17T00:00:00
db:NVDid:CVE-2018-0383date:2018-07-16T17:29:00.597