ID

VAR-201810-0337


CVE

CVE-2018-0464


TITLE

Path traversal vulnerability in Cisco Data Center Network Manager software

Trust: 0.8

sources: JVNDB: JVNDB-2018-013485

DESCRIPTION

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. This issue is being tracked by Cisco Bug ID CSCvj86072. Data Center Network Manager is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.98

sources: NVD: CVE-2018-0464 // JVNDB: JVNDB-2018-013485 // BID: 105159 // VULHUB: VHN-118666

AFFECTED PRODUCTS

vendor: cisco // model: prime data center network manager // scope: eq // version: 10.2

Trust: 1.9

vendor: cisco // model: prime data center network manager // scope: eq // version: 10.1

Trust: 1.9

vendor: cisco // model: prime data center network manager // scope: eq // version: 10.0

Trust: 1.9

vendor: cisco // model: prime data center network manager // scope: eq // version: 7.1\(1\)

Trust: 1.6

vendor: cisco // model: prime data center network manager // scope: eq // version: 10.3\(1\)

Trust: 1.6

vendor: cisco // model: prime data center network manager // scope: eq // version: 7.0\(1\)

Trust: 1.6

vendor: cisco // model: prime data center network manager // scope: eq // version: 6.3\(1\)

Trust: 1.6

vendor: cisco // model: prime data center network manager // scope: eq // version: 7.0\(2\)

Trust: 1.6

vendor: cisco // model: prime data center network manager // scope: eq // version: 6.3\(2\)

Trust: 1.6

vendor: cisco // model: prime data center network manager // scope: - // version: -

Trust: 0.8

vendor: cisco // model: prime data center network manager // scope: eq // version: 7.1(1)

Trust: 0.3

vendor: cisco // model: prime data center network manager // scope: eq // version: 7.0(2)

Trust: 0.3

vendor: cisco // model: prime data center network manager // scope: eq // version: 7.0(1)

Trust: 0.3

vendor: cisco // model: prime data center network manager // scope: eq // version: 6.3(2)

Trust: 0.3

vendor: cisco // model: prime data center network manager // scope: eq // version: 6.3(1)

Trust: 0.3

vendor: cisco // model: prime data center network manager // scope: eq // version: 10.3(1)

Trust: 0.3

vendor: cisco // model: data center network manager // scope: ne // version: 11.0(1)

Trust: 0.3

sources: BID: 105159 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0464
value: HIGH

Trust: 1.0

NVD: CVE-2018-0464
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-953
value: HIGH

Trust: 0.6

VULHUB: VHN-118666
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0464
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118666
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0464
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118666 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-118666 // JVNDB: JVNDB-2018-013485 // NVD: CVE-2018-0464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-953

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201808-953

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013485

PATCH

title: cisco-sa-20180828-dcnm-traversal // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal

Trust: 0.8

title: Cisco Data Center Network Manager Repair measures for path traversal vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84376

Trust: 0.6

sources: JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953

EXTERNAL IDS

db: NVD // id: CVE-2018-0464

Trust: 2.8

db: BID // id: 105159

Trust: 2.0

db: TENABLE // id: TRA-2018-20

Trust: 1.7

db: SECTRACK // id: 1041585

Trust: 1.7

db: JVNDB // id: JVNDB-2018-013485

Trust: 0.8

db: CNNVD // id: CNNVD-201808-953

Trust: 0.7

db: SEEBUG // id: SSVID-97546

Trust: 0.1

db: VULHUB // id: VHN-118666

Trust: 0.1

sources: VULHUB: VHN-118666 // BID: 105159 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180828-dcnm-traversal

Trust: 2.0

url:http://www.securityfocus.com/bid/105159

Trust: 1.7

url:https://www.tenable.com/security/research/tra-2018-20

Trust: 1.7

url:http://www.securitytracker.com/id/1041585

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0464

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0464

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118666 // BID: 105159 // JVNDB: JVNDB-2018-013485 // CNNVD: CNNVD-201808-953 // NVD: CVE-2018-0464

CREDITS

Tenable, Inc.

Trust: 0.6

sources: CNNVD: CNNVD-201808-953

SOURCES

db: VULHUB // id: VHN-118666
db: BID // id: 105159
db: JVNDB // id: JVNDB-2018-013485
db: CNNVD // id: CNNVD-201808-953
db: NVD // id: CVE-2018-0464

LAST UPDATE DATE

2024-08-14T13:27:32.495000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118666 // date: 2019-10-09T00:00:00
db: BID // id: 105159 // date: 2018-08-28T00:00:00
db: JVNDB // id: JVNDB-2018-013485 // date: 2019-02-21T00:00:00
db: CNNVD // id: CNNVD-201808-953 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0464 // date: 2019-10-09T23:32:08.600

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118666 // date: 2018-10-05T00:00:00
db: BID // id: 105159 // date: 2018-08-28T00:00:00
db: JVNDB // id: JVNDB-2018-013485 // date: 2019-02-21T00:00:00
db: CNNVD // id: CNNVD-201808-953 // date: 2018-08-30T00:00:00
db: NVD // id: CVE-2018-0464 // date: 2018-10-05T16:29:00.440