Sign-up

ID

VAR-201807-0438


CVE

CVE-2018-0399


TITLE

Cisco Finesse Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-008169

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. Vendors have confirmed this vulnerability Bug ID CSCvg71044 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Finesse is prone to a server-side request forgery vulnerability and an information-disclosure vulnerability. A successful exploit may allow an attacker to obtain sensitive information, perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The software improves call center service quality, improves customer experience, and increases agent satisfaction. The vulnerability stems from the fact that the program pre-fills the Password field of the login form with a password previously stored in the internal database

Trust: 2.07

sources: NVD: CVE-2018-0399 // JVNDB: JVNDB-2018-008169 // BID: 104886 // VULHUB: VHN-118601 // VULMON: CVE-2018-0399

AFFECTED PRODUCTS

vendor:ciscomodel:finessescope:eqversion:11.5\(1\)

Trust: 1.6

vendor:ciscomodel:finessescope: - version: -

Trust: 0.8

vendor:ciscomodel:finessescope:eqversion:0

Trust: 0.3

sources: BID: 104886 // JVNDB: JVNDB-2018-008169 // CNNVD: CNNVD-201807-1286 // NVD: CVE-2018-0399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0399
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0399
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1286
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118601
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0399
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0399
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118601
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0399
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118601 // VULMON: CVE-2018-0399 // JVNDB: JVNDB-2018-008169 // CNNVD: CNNVD-201807-1286 // NVD: CVE-2018-0399

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.1

problemtype:CWE-264

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-118601 // JVNDB: JVNDB-2018-008169 // NVD: CVE-2018-0399

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1286

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1286

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008169

PATCH
title:cisco-sa-20180718-finesseurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse
Trust: 0.8
title:Cisco Finesse Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82187
Trust: 0.6
title:Cisco: Multiple Vulnerabilities in Cisco Finesseurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180718-finesse
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0399 // 
            
            
            
            JVNDB: JVNDB-2018-008169 // 
            
            
            
            CNNVD: CNNVD-201807-1286

EXTERNAL IDS
db:NVDid:CVE-2018-0399
Trust: 2.9
db:BIDid:104886
Trust: 2.1
db:JVNDBid:JVNDB-2018-008169
Trust: 0.8
db:CNNVDid:CNNVD-201807-1286
Trust: 0.7
db:VULHUBid:VHN-118601
Trust: 0.1
db:VULMONid:CVE-2018-0399
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118601 // 
            
            
            
            VULMON: CVE-2018-0399 // 
            
            
            
            BID: 104886 // 
            
            
            
            JVNDB: JVNDB-2018-008169 // 
            
            
            
            CNNVD: CNNVD-201807-1286 // 
            
            
            
            NVD: CVE-2018-0399

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-finesse
Trust: 2.2
url:http://www.securityfocus.com/bid/104886
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0399
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0399
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/918.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118601 // 
            
            
            
            VULMON: CVE-2018-0399 // 
            
            
            
            BID: 104886 // 
            
            
            
            JVNDB: JVNDB-2018-008169 // 
            
            
            
            CNNVD: CNNVD-201807-1286 // 
            
            
            
            NVD: CVE-2018-0399

CREDITS
Filip Waeytens of NCI Agency Cyber Security
Trust: 0.3
sources:
            
            
            BID: 104886

SOURCES
db:VULHUBid:VHN-118601
db:VULMONid:CVE-2018-0399
db:BIDid:104886
db:JVNDBid:JVNDB-2018-008169
db:CNNVDid:CNNVD-201807-1286
db:NVDid:CVE-2018-0399

LAST UPDATE DATE
2024-11-23T22:26:17.182000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118601date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0399date:2019-10-09T00:00:00
db:BIDid:104886date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008169date:2018-10-10T00:00:00
db:CNNVDid:CNNVD-201807-1286date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0399date:2024-11-21T03:38:08.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-118601date:2018-07-18T00:00:00
db:VULMONid:CVE-2018-0399date:2018-07-18T00:00:00
db:BIDid:104886date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008169date:2018-10-10T00:00:00
db:CNNVDid:CNNVD-201807-1286date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0399date:2018-07-18T23:29:01.367