ID

VAR-201810-0567


CVE

CVE-2018-15375


TITLE

Cisco 800 Series Industrial Integrated Services Routers of Cisco IOS Vulnerability related to the state where arbitrary values can be written to arbitrary locations in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-011571

DESCRIPTION

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated Services Router are router products of Cisco. IOS Software is the operating system that Cisco runs for its network devices

Trust: 2.25

sources: NVD: CVE-2018-15375 // JVNDB: JVNDB-2018-011571 // CNVD: CNVD-2018-20773 // VULHUB: VHN-125628

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20773

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.5\(2.21\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:809industrial integrated services routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:807industrial integrated services routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:829industrial integrated services routerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-20773 // JVNDB: JVNDB-2018-011571 // CNNVD: CNNVD-201809-1265 // NVD: CVE-2018-15375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15375
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15375
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20773
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-1265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125628
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15375
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20773
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-125628
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15375
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20773 // VULHUB: VHN-125628 // JVNDB: JVNDB-2018-011571 // CNNVD: CNNVD-201809-1265 // NVD: CVE-2018-15375

PROBLEMTYPE DATA

problemtype:CWE-123

Trust: 1.9

sources: VULHUB: VHN-125628 // JVNDB: JVNDB-2018-011571 // NVD: CVE-2018-15375

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1265

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-1265

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011571

PATCH

title:cisco-sa-20180926-ir800-memwriteurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite

Trust: 0.8

title:Cisco 807, 809, and 829 Industrial Integrated ServicesRouter patches for arbitrary memory write vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/142175

Trust: 0.6

title:Cisco 807 , 809 and 829 Industrial Integrated Services Router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85274

Trust: 0.6

sources: CNVD: CNVD-2018-20773 // JVNDB: JVNDB-2018-011571 // CNNVD: CNNVD-201809-1265

EXTERNAL IDS

db:NVDid:CVE-2018-15375

Trust: 3.1

db:JVNDBid:JVNDB-2018-011571

Trust: 0.8

db:CNNVDid:CNNVD-201809-1265

Trust: 0.7

db:CNVDid:CNVD-2018-20773

Trust: 0.6

db:AUSCERTid:ESB-2018.2903.2

Trust: 0.6

db:VULHUBid:VHN-125628

Trust: 0.1

sources: CNVD: CNVD-2018-20773 // VULHUB: VHN-125628 // JVNDB: JVNDB-2018-011571 // CNNVD: CNNVD-201809-1265 // NVD: CVE-2018-15375

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwrite

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15375

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15375

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwri

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ptp

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2018.2903.2/

Trust: 0.6

sources: CNVD: CNVD-2018-20773 // VULHUB: VHN-125628 // JVNDB: JVNDB-2018-011571 // CNNVD: CNNVD-201809-1265 // NVD: CVE-2018-15375

SOURCES

db:CNVDid:CNVD-2018-20773
db:VULHUBid:VHN-125628
db:JVNDBid:JVNDB-2018-011571
db:CNNVDid:CNNVD-201809-1265
db:NVDid:CVE-2018-15375

LAST UPDATE DATE

2024-08-14T13:45:32.429000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20773date:2018-10-15T00:00:00
db:VULHUBid:VHN-125628date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011571date:2019-01-17T00:00:00
db:CNNVDid:CNNVD-201809-1265date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15375date:2019-10-09T23:35:28.813

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20773date:2018-10-12T00:00:00
db:VULHUBid:VHN-125628date:2018-10-05T00:00:00
db:JVNDBid:JVNDB-2018-011571date:2019-01-17T00:00:00
db:CNNVDid:CNNVD-201809-1265date:2018-09-28T00:00:00
db:NVDid:CVE-2018-15375date:2018-10-05T14:29:06.653