ID

VAR-201810-0568


CVE

CVE-2018-15376


TITLE

Cisco 800 Series Industrial Integrated Services Routers of Cisco IOS Vulnerability related to the state where arbitrary values can be written to arbitrary locations in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-011565

DESCRIPTION

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated ServicesRouter are all Cisco router products. IOS Software is the operating system that Cisco runs for its network devices

Trust: 2.34

sources: NVD: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20771

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.5\(2.21\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:809industrial integrated services routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:807industrial integrated services routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:829industrial integrated services routerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-20771 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15376
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15376
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20771
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-1266
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125629
value: HIGH

Trust: 0.1

VULMON: CVE-2018-15376
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15376
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-20771
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-125629
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15376
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

PROBLEMTYPE DATA

problemtype:CWE-123

Trust: 1.9

sources: VULHUB: VHN-125629 // JVNDB: JVNDB-2018-011565 // NVD: CVE-2018-15376

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1266

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-1266

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011565

PATCH

title:cisco-sa-20180926-ir800-memwriteurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite

Trust: 0.8

title:Cisco IOS Software for Cisco800 SeriesIndustrialIntegratedServicesRouters Patch for Any Memory Write Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/142171

Trust: 0.6

title:Cisco 807 , 809 and 829 Industrial Integrated Services Router IOS Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85275

Trust: 0.6

title:Cisco: Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180926-ir800-memwrite

Trust: 0.1

sources: CNVD: CNVD-2018-20771 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266

EXTERNAL IDS

db:NVDid:CVE-2018-15376

Trust: 3.2

db:JVNDBid:JVNDB-2018-011565

Trust: 0.8

db:CNNVDid:CNNVD-201809-1266

Trust: 0.7

db:CNVDid:CNVD-2018-20771

Trust: 0.6

db:AUSCERTid:ESB-2018.2903.2

Trust: 0.6

db:VULHUBid:VHN-125629

Trust: 0.1

db:VULMONid:CVE-2018-15376

Trust: 0.1

sources: CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwrite

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15376

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15376

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwri

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ptp

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2018.2903.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/123.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-20771 // VULHUB: VHN-125629 // VULMON: CVE-2018-15376 // JVNDB: JVNDB-2018-011565 // CNNVD: CNNVD-201809-1266 // NVD: CVE-2018-15376

SOURCES

db:CNVDid:CNVD-2018-20771
db:VULHUBid:VHN-125629
db:VULMONid:CVE-2018-15376
db:JVNDBid:JVNDB-2018-011565
db:CNNVDid:CNNVD-201809-1266
db:NVDid:CVE-2018-15376

LAST UPDATE DATE

2024-08-14T13:45:32.774000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20771date:2018-10-12T00:00:00
db:VULHUBid:VHN-125629date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-15376date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011565date:2019-01-16T00:00:00
db:CNNVDid:CNNVD-201809-1266date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15376date:2019-10-09T23:35:28.937

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20771date:2018-10-12T00:00:00
db:VULHUBid:VHN-125629date:2018-10-05T00:00:00
db:VULMONid:CVE-2018-15376date:2018-10-05T00:00:00
db:JVNDBid:JVNDB-2018-011565date:2019-01-16T00:00:00
db:CNNVDid:CNNVD-201809-1266date:2018-09-28T00:00:00
db:NVDid:CVE-2018-15376date:2018-10-05T14:29:06.777