ID

VAR-201810-0593


CVE

CVE-2018-15423


TITLE

Cisco HyperFlex Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012119

DESCRIPTION

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link. Cisco HyperFlex Software contains an input validation vulnerability. Information may be tampered with. Successful exploits will allow an authenticated attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvj95644. Cisco HyperFlex Software is a scalable distributed file system from Cisco. The system provides unified computing, storage and networking through cloud management, and provides enterprise-level data management and optimization services.

Trust: 2.07

sources: NVD: CVE-2018-15423 // JVNDB: JVNDB-2018-012119 // BID: 105819 // VULHUB: VHN-125681 // VULMON: CVE-2018-15423

AFFECTED PRODUCTS

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0(1a)

Trust: 1.6

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 2.6(1d)

Trust: 1.6

vendor: cisco // model: hyperflex // scope: - // version: -

Trust: 0.8

vendor: cisco // model: hyperflex software // scope: eq // version: 0

Trust: 0.3

sources: BID: 105819 // JVNDB: JVNDB-2018-012119 // CNNVD: CNNVD-201810-211 // NVD: CVE-2018-15423

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15423
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15423
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-211
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125681
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-15423
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15423
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125681
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15423
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-15423
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125681 // VULMON: CVE-2018-15423 // JVNDB: JVNDB-2018-012119 // CNNVD: CNNVD-201810-211 // NVD: CVE-2018-15423

PROBLEMTYPE DATA

problemtype: CWE-1021

Trust: 1.0

problemtype: CWE-693

Trust: 1.0

problemtype: CWE-20

Trust: 0.9

sources: VULHUB: VHN-125681 // JVNDB: JVNDB-2018-012119 // NVD: CVE-2018-15423

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-211

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 105819 // CNNVD: CNNVD-201810-211

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012119

PATCH

title: cisco-sa-20181003-hyperflex-clickjacking // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-clickjacking

Trust: 0.8

title: Cisco HyperFlex Software Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85425

Trust: 0.6

title: Cisco: Cisco HyperFlex UI Clickjacking Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20181003-hyperflex-clickjacking

Trust: 0.1

title: - // url: https://github.com/aravindb26/new.txt

Trust: 0.1

sources: VULMON: CVE-2018-15423 // JVNDB: JVNDB-2018-012119 // CNNVD: CNNVD-201810-211

EXTERNAL IDS

db: NVD // id: CVE-2018-15423

Trust: 2.9

db: JVNDB // id: JVNDB-2018-012119

Trust: 0.8

db: CNNVD // id: CNNVD-201810-211

Trust: 0.7

db: BID // id: 105819

Trust: 0.3

db: VULHUB // id: VHN-125681

Trust: 0.1

db: VULMON // id: CVE-2018-15423

Trust: 0.1

sources: VULHUB: VHN-125681 // VULMON: CVE-2018-15423 // BID: 105819 // JVNDB: JVNDB-2018-012119 // CNNVD: CNNVD-201810-211 // NVD: CVE-2018-15423

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-hyperflex-clickjacking

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15423

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-15423

Trust: 0.8

url: http://www.cisco.com

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/1021.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-125681 // VULMON: CVE-2018-15423 // BID: 105819 // JVNDB: JVNDB-2018-012119 // CNNVD: CNNVD-201810-211 // NVD: CVE-2018-15423

CREDITS

Cisco

Trust: 0.3

sources: BID: 105819

SOURCES

db: VULHUB // id: VHN-125681
db: VULMON // id: CVE-2018-15423
db: BID // id: 105819
db: JVNDB // id: JVNDB-2018-012119
db: CNNVD // id: CNNVD-201810-211
db: NVD // id: CVE-2018-15423

LAST UPDATE DATE

2024-11-23T23:04:57.289000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-125681 // date: 2020-09-16T00:00:00
db: VULMON // id: CVE-2018-15423 // date: 2020-09-16T00:00:00
db: BID // id: 105819 // date: 2018-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-012119 // date: 2019-01-30T00:00:00
db: CNNVD // id: CNNVD-201810-211 // date: 2020-10-22T00:00:00
db: NVD // id: CVE-2018-15423 // date: 2024-11-21T03:50:45.813

SOURCES RELEASE DATE

db: VULHUB // id: VHN-125681 // date: 2018-10-05T00:00:00
db: VULMON // id: CVE-2018-15423 // date: 2018-10-05T00:00:00
db: BID // id: 105819 // date: 2018-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-012119 // date: 2019-01-30T00:00:00
db: CNNVD // id: CNNVD-201810-211 // date: 2018-10-08T00:00:00
db: NVD // id: CVE-2018-15423 // date: 2018-10-05T14:29:10.967