Details of VAR-201810-0568

ID

VAR-201810-0568

CVE

CVE-2018-15376

TITLE

Cisco 800 Series Industrial Integrated Services Routers of Cisco IOS Vulnerability related to the state where arbitrary values can be written to arbitrary locations in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-011565

DESCRIPTION

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated ServicesRouter are all Cisco router products. IOS Software is the operating system that Cisco runs for its network devices

Trust: 2.34

sources: NVD: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-20771

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2.21\)t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	809industrial integrated services router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	807industrial integrated services router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	829industrial integrated services router	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-20771 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15376
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15376
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-20771
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201809-1266
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125629
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-15376
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-15376
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-20771
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-125629
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15376
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

PROBLEMTYPE DATA

problemtype:

CWE-123

Trust: 1.9

sources: VULHUB: VHN-125629 // JVNDB: JVNDB-2018-011565 // NVD: CVE-2018-15376

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1266

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-1266

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011565

PATCH

title:	cisco-sa-20180926-ir800-memwrite	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite	Trust: 0.8
title:	Cisco IOS Software for Cisco800 SeriesIndustrialIntegratedServicesRouters Patch for Any Memory Write Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/142171	Trust: 0.6
title:	Cisco 807 , 809 and 829 Industrial Integrated Services Router IOS Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85275	Trust: 0.6
title:	Cisco: Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180926-ir800-memwrite	Trust: 0.1

sources: CNVD: CNVD-2018-20771 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15376	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-011565	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-1266	Trust: 0.7
db:	CNVD	id:	CNVD-2018-20771	Trust: 0.6
db:	AUSCERT	id:	ESB-2018.2903.2	Trust: 0.6
db:	VULHUB	id:	VHN-125629	Trust: 0.1
db:	VULMON	id:	CVE-2018-15376	Trust: 0.1

sources: CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwrite	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15376	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15376	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwri	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ptp	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2018.2903.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/123.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

SOURCES

db:	CNVD	id:	CNVD-2018-20771
db:	VULHUB	id:	VHN-125629
db:	VULMON	id:	CVE-2018-15376
db:	JVNDB	id:	JVNDB-2018-011565
db:	CNNVD	id:	CNNVD-201809-1266
db:	NVD	id:	CVE-2018-15376

LAST UPDATE DATE

2024-08-14T13:45:32.774000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-20771	date:	2018-10-12T00:00:00
db:	VULHUB	id:	VHN-125629	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-15376	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-011565	date:	2019-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201809-1266	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15376	date:	2019-10-09T23:35:28.937

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-20771	date:	2018-10-12T00:00:00
db:	VULHUB	id:	VHN-125629	date:	2018-10-05T00:00:00
db:	VULMON	id:	CVE-2018-15376	date:	2018-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-011565	date:	2019-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201809-1266	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-15376	date:	2018-10-05T14:29:06.777