Sign-up

ID

VAR-201810-0594


CVE

CVE-2018-15424


TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011420

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. Cisco Identity Services Engine (ISE) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Identity Services Engine (ISE) is an identity-based context-aware platform (ISE Identity Services Engine) from Cisco. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An input validation vulnerability exists in the web-based management interface in Cisco ISE

Trust: 1.71

sources: NVD: CVE-2018-15424 // JVNDB: JVNDB-2018-011420 // VULHUB: VHN-125682

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.2\(0.470\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212 // NVD: CVE-2018-15424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15424
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15424
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-212
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125682
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15424
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125682
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15424
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-15424
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125682 // JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212 // NVD: CVE-2018-15424

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-434

Trust: 1.1

sources: VULHUB: VHN-125682 // JVNDB: JVNDB-2018-011420 // NVD: CVE-2018-15424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-212

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-212

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011420

PATCH
title:cisco-sa-20181003-ise-mult-vulnsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns
Trust: 0.8
title:Cisco Identity Services Engine Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85426
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011420 // 
            
            
            
            CNNVD: CNNVD-201810-212

EXTERNAL IDS
db:NVDid:CVE-2018-15424
Trust: 2.5
db:SECTRACKid:1041792
Trust: 1.7
db:JVNDBid:JVNDB-2018-011420
Trust: 0.8
db:CNNVDid:CNNVD-201810-212
Trust: 0.7
db:VULHUBid:VHN-125682
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125682 // 
            
            
            
            JVNDB: JVNDB-2018-011420 // 
            
            
            
            CNNVD: CNNVD-201810-212 // 
            
            
            
            NVD: CVE-2018-15424

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-ise-mult-vulns
Trust: 1.7
url:http://www.securitytracker.com/id/1041792
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15424
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15424
Trust: 0.8
sources:
            
            
            VULHUB: VHN-125682 // 
            
            
            
            JVNDB: JVNDB-2018-011420 // 
            
            
            
            CNNVD: CNNVD-201810-212 // 
            
            
            
            NVD: CVE-2018-15424

SOURCES
db:VULHUBid:VHN-125682
db:JVNDBid:JVNDB-2018-011420
db:CNNVDid:CNNVD-201810-212
db:NVDid:CVE-2018-15424

LAST UPDATE DATE
2024-08-14T15:18:14.980000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125682date:2020-09-16T00:00:00
db:JVNDBid:JVNDB-2018-011420date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-212date:2020-09-17T00:00:00
db:NVDid:CVE-2018-15424date:2020-09-16T13:22:45.870

SOURCES RELEASE DATE
db:VULHUBid:VHN-125682date:2018-10-05T00:00:00
db:JVNDBid:JVNDB-2018-011420date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-212date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15424date:2018-10-05T14:29:11.077