Details of VAR-201810-0337

ID

VAR-201810-0337

CVE

CVE-2018-0464

TITLE

Cisco Data Center Network Manager Path traversal vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-013485

DESCRIPTION

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. This issue is being tracked by Cisco Bug ID CSCvj86072. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.98

sources: NVD: CVE-2018-0464 // JVNDB: JVNDB-2018-013485 // BID: 105159 // VULHUB: VHN-118666

AFFECTED PRODUCTS

vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.2	Trust: 1.9
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.1	Trust: 1.9
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.0	Trust: 1.9
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	7.1\(1\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.3\(1\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	7.0\(1\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.3\(1\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	7.0\(2\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.3\(2\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	7.1(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	7.0(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	7.0(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.3(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.3(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.3(1)	Trust: 0.3
vendor:	cisco	model:	data center network manager	scope:	ne	version:	11.0(1)	Trust: 0.3

sources: BID: 105159 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0464
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0464
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-953
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118666
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0464
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118666
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0464
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118666 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-118666 // JVNDB: JVNDB-2018-013485 // NVD: CVE-2018-0464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-953

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201808-953

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013485

PATCH

title:	cisco-sa-20180828-dcnm-traversal	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal	Trust: 0.8
title:	Cisco Data Center Network Manager Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84376	Trust: 0.6

sources: JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0464	Trust: 2.8
db:	BID	id:	105159	Trust: 2.0
db:	TENABLE	id:	TRA-2018-20	Trust: 1.7
db:	SECTRACK	id:	1041585	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-013485	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-953	Trust: 0.7
db:	SEEBUG	id:	SSVID-97546	Trust: 0.1
db:	VULHUB	id:	VHN-118666	Trust: 0.1

sources: VULHUB: VHN-118666 // BID: 105159 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180828-dcnm-traversal	Trust: 2.0
url:	http://www.securityfocus.com/bid/105159	Trust: 1.7
url:	https://www.tenable.com/security/research/tra-2018-20	Trust: 1.7
url:	http://www.securitytracker.com/id/1041585	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0464	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0464	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118666 // BID: 105159 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

CREDITS

Inc.,Tenable

Trust: 0.6

sources: CNNVD: CNNVD-201808-953

SOURCES

db:	VULHUB	id:	VHN-118666
db:	BID	id:	105159
db:	JVNDB	id:	JVNDB-2018-013485
db:	CNNVD	id:	CNNVD-201808-953
db:	NVD	id:	CVE-2018-0464

LAST UPDATE DATE

2024-08-14T13:27:32.495000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118666	date:	2019-10-09T00:00:00
db:	BID	id:	105159	date:	2018-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-013485	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201808-953	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0464	date:	2019-10-09T23:32:08.600

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118666	date:	2018-10-05T00:00:00
db:	BID	id:	105159	date:	2018-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-013485	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201808-953	date:	2018-08-30T00:00:00
db:	NVD	id:	CVE-2018-0464	date:	2018-10-05T16:29:00.440