ID

VAR-201810-0348


CVE

CVE-2018-0477


TITLE

Cisco IOS XE Software command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010831

DESCRIPTION

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Cisco IOS XE The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. CLIparser is one of the command line command parsers. A CLI injection resolver exists in the CLI parser in Cisco IOSXESoftware that caused the affected application to fail to properly filter command parameters. Cisco IOS XE Software is prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvh02919

Trust: 2.61

sources: NVD: CVE-2018-0477 // JVNDB: JVNDB-2018-010831 // CNVD: CNVD-2018-20300 // BID: 106314 // VULHUB: VHN-118679 // VULMON: CVE-2018-0477

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20300

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.7\(1\)

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:15.3\(3\)s3.16

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.6

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xe softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-20300 // BID: 106314 // JVNDB: JVNDB-2018-010831 // CNNVD: CNNVD-201809-1257 // NVD: CVE-2018-0477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0477
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0477
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20300
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-1257
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118679
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0477
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0477
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-20300
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118679
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0477
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0477
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-20300 // VULHUB: VHN-118679 // VULMON: CVE-2018-0477 // JVNDB: JVNDB-2018-010831 // CNNVD: CNNVD-201809-1257 // NVD: CVE-2018-0477

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-118679 // JVNDB: JVNDB-2018-010831 // NVD: CVE-2018-0477

THREAT TYPE

local

Trust: 0.9

sources: BID: 106314 // CNNVD: CNNVD-201809-1257

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-1257

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010831

PATCH

title:cisco-sa-20180926-iosxe-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

Trust: 0.8

title:Patch for Cisco IOSXESoftwareCLI Parser Command Injection Vulnerability (CNVD-2018-20300)url:https://www.cnvd.org.cn/patchInfo/show/141481

Trust: 0.6

title:Cisco IOS XE Software CLI Fixup for parser command injection vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85266

Trust: 0.6

title:Cisco: Cisco IOS XE Software Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180926-iosxe-cmdinj

Trust: 0.1

title:VSCANurl:https://github.com/lucabrasi83/vscan

Trust: 0.1

sources: CNVD: CNVD-2018-20300 // VULMON: CVE-2018-0477 // JVNDB: JVNDB-2018-010831 // CNNVD: CNNVD-201809-1257

EXTERNAL IDS

db:NVDid:CVE-2018-0477

Trust: 3.5

db:SECTRACKid:1041737

Trust: 1.8

db:JVNDBid:JVNDB-2018-010831

Trust: 0.8

db:CNNVDid:CNNVD-201809-1257

Trust: 0.7

db:CNVDid:CNVD-2018-20300

Trust: 0.6

db:BIDid:106314

Trust: 0.3

db:VULHUBid:VHN-118679

Trust: 0.1

db:VULMONid:CVE-2018-0477

Trust: 0.1

sources: CNVD: CNVD-2018-20300 // VULHUB: VHN-118679 // VULMON: CVE-2018-0477 // BID: 106314 // JVNDB: JVNDB-2018-010831 // CNNVD: CNNVD-201809-1257 // NVD: CVE-2018-0477

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-iosxe-cmdinj

Trust: 2.8

url:http://www.securitytracker.com/id/1041737

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0477

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0477

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/lucabrasi83/vscan

Trust: 0.1

sources: CNVD: CNVD-2018-20300 // VULHUB: VHN-118679 // VULMON: CVE-2018-0477 // BID: 106314 // JVNDB: JVNDB-2018-010831 // CNNVD: CNNVD-201809-1257 // NVD: CVE-2018-0477

CREDITS

Cisco.

Trust: 0.3

sources: BID: 106314

SOURCES

db:CNVDid:CNVD-2018-20300
db:VULHUBid:VHN-118679
db:VULMONid:CVE-2018-0477
db:BIDid:106314
db:JVNDBid:JVNDB-2018-010831
db:CNNVDid:CNNVD-201809-1257
db:NVDid:CVE-2018-0477

LAST UPDATE DATE

2024-08-14T13:45:32.462000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20300date:2018-09-30T00:00:00
db:VULHUBid:VHN-118679date:2020-08-28T00:00:00
db:VULMONid:CVE-2018-0477date:2020-08-28T00:00:00
db:BIDid:106314date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010831date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1257date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0477date:2020-08-28T18:46:50.487

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20300date:2018-09-30T00:00:00
db:VULHUBid:VHN-118679date:2018-10-05T00:00:00
db:VULMONid:CVE-2018-0477date:2018-10-05T00:00:00
db:BIDid:106314date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010831date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1257date:2018-09-28T00:00:00
db:NVDid:CVE-2018-0477date:2018-10-05T14:29:05.450