Sign-up

ID

VAR-201810-0310


CVE

CVE-2018-0435


TITLE

Cisco Umbrella API Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011269

DESCRIPTION

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations. Cisco Umbrella API Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is being tracked by Cisco bug IDs CSCvj37940, CSCvj37954, CSCvj37982, CSCvj37993, CSCvj38122, and CSCvj38122

Trust: 1.98

sources: NVD: CVE-2018-0435 // JVNDB: JVNDB-2018-011269 // BID: 105283 // VULHUB: VHN-118637

AFFECTED PRODUCTS

vendor:ciscomodel:umbrellascope:eqversion:*

Trust: 1.0

vendor:ciscomodel:umbrella virtual appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:umbrellascope: - version: -

Trust: 0.6

vendor:ciscomodel:umbrella servicescope:eqversion:0

Trust: 0.3

sources: BID: 105283 // JVNDB: JVNDB-2018-011269 // CNNVD: CNNVD-201809-253 // NVD: CVE-2018-0435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0435
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0435
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-253
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118637
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0435
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118637
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0435
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 5.3
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118637 // JVNDB: JVNDB-2018-011269 // CNNVD: CNNVD-201809-253 // NVD: CVE-2018-0435

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-118637 // JVNDB: JVNDB-2018-011269 // NVD: CVE-2018-0435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-253

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201809-253

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011269

PATCH
title:cisco-sa-20180905-umbrella-apiurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api
Trust: 0.8
title:Cisco Umbrella API Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84584
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011269 // 
            
            
            
            CNNVD: CNNVD-201809-253

EXTERNAL IDS
db:NVDid:CVE-2018-0435
Trust: 2.8
db:BIDid:105283
Trust: 2.0
db:JVNDBid:JVNDB-2018-011269
Trust: 0.8
db:CNNVDid:CNNVD-201809-253
Trust: 0.7
db:VULHUBid:VHN-118637
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118637 // 
            
            
            
            BID: 105283 // 
            
            
            
            JVNDB: JVNDB-2018-011269 // 
            
            
            
            CNNVD: CNNVD-201809-253 // 
            
            
            
            NVD: CVE-2018-0435

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-umbrella-api
Trust: 2.0
url:http://www.securityfocus.com/bid/105283
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0435
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0435
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118637 // 
            
            
            
            BID: 105283 // 
            
            
            
            JVNDB: JVNDB-2018-011269 // 
            
            
            
            CNNVD: CNNVD-201809-253 // 
            
            
            
            NVD: CVE-2018-0435

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 105283

SOURCES
db:VULHUBid:VHN-118637
db:BIDid:105283
db:JVNDBid:JVNDB-2018-011269
db:CNNVDid:CNNVD-201809-253
db:NVDid:CVE-2018-0435

LAST UPDATE DATE
2024-11-23T22:26:08.999000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118637date:2019-10-09T00:00:00
db:BIDid:105283date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-011269date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201809-253date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0435date:2024-11-21T03:38:13.453

SOURCES RELEASE DATE
db:VULHUBid:VHN-118637date:2018-10-05T00:00:00
db:BIDid:105283date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-011269date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201809-253date:2018-09-06T00:00:00
db:NVDid:CVE-2018-0435date:2018-10-05T14:29:01.840