Details of VAR-201810-0335

ID

VAR-201810-0335

CVE

CVE-2018-0462

TITLE

Cisco Enterprise NFV Infrastructure Software Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-013265 // CNNVD: CNNVD-201809-277

DESCRIPTION

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system. Attackers can exploit this issue to cause denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvi09672. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller

Trust: 1.98

sources: NVD: CVE-2018-0462 // JVNDB: JVNDB-2018-013265 // BID: 105291 // VULHUB: VHN-118664

AFFECTED PRODUCTS

vendor:	cisco	model:	enterprise network virtualization software	scope:	eq	version:	nfvis-8.0	Trust: 1.6
vendor:	cisco	model:	enterprise network virtualization software	scope:	eq	version:	nfvis-6.0	Trust: 1.6
vendor:	cisco	model:	enterprise nfv infrastructure software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	enterprise nfv infrastructure software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 105291 // JVNDB: JVNDB-2018-013265 // CNNVD: CNNVD-201809-277 // NVD: CVE-2018-0462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0462
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0462
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201809-277
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118664
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0462
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118664
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0462
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118664 // JVNDB: JVNDB-2018-013265 // CNNVD: CNNVD-201809-277 // NVD: CVE-2018-0462

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-118664 // JVNDB: JVNDB-2018-013265 // NVD: CVE-2018-0462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-277

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013265

PATCH

title:	cisco-sa-20180905-nfvis-dos1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1	Trust: 0.8
title:	Cisco Enterprise NFV Infrastructure Software Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84608	Trust: 0.6

sources: JVNDB: JVNDB-2018-013265 // CNNVD: CNNVD-201809-277

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0462	Trust: 2.8
db:	BID	id:	105291	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-013265	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-277	Trust: 0.7
db:	VULHUB	id:	VHN-118664	Trust: 0.1

sources: VULHUB: VHN-118664 // BID: 105291 // JVNDB: JVNDB-2018-013265 // CNNVD: CNNVD-201809-277 // NVD: CVE-2018-0462

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-nfvis-dos1	Trust: 2.0
url:	http://www.securityfocus.com/bid/105291	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0462	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0462	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118664 // BID: 105291 // JVNDB: JVNDB-2018-013265 // CNNVD: CNNVD-201809-277 // NVD: CVE-2018-0462

CREDITS

Security Teams of Orange Group

Trust: 0.3

sources: BID: 105291

SOURCES

db:	VULHUB	id:	VHN-118664
db:	BID	id:	105291
db:	JVNDB	id:	JVNDB-2018-013265
db:	CNNVD	id:	CNNVD-201809-277
db:	NVD	id:	CVE-2018-0462

LAST UPDATE DATE

2024-08-14T14:51:25.550000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118664	date:	2019-10-09T00:00:00
db:	BID	id:	105291	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-013265	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201809-277	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0462	date:	2019-10-09T23:32:08.367

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118664	date:	2018-10-05T00:00:00
db:	BID	id:	105291	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-013265	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201809-277	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2018-0462	date:	2018-10-05T14:29:04.137