ID

VAR-201810-0594


CVE

CVE-2018-15424


TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011420

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. Cisco Identity Services Engine (ISE) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Identity Services Engine (ISE) is an identity-based context-aware platform (ISE Identity Services Engine) from Cisco. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An input validation vulnerability exists in the web-based management interface in Cisco ISE

Trust: 1.71

sources: NVD: CVE-2018-15424 // JVNDB: JVNDB-2018-011420 // VULHUB: VHN-125682

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.2\(0.470\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212 // NVD: CVE-2018-15424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15424
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15424
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-212
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125682
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15424
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125682
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15424
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-15424
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125682 // JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212 // NVD: CVE-2018-15424

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-434

Trust: 1.1

sources: VULHUB: VHN-125682 // JVNDB: JVNDB-2018-011420 // NVD: CVE-2018-15424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-212

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-212

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011420

PATCH

title:cisco-sa-20181003-ise-mult-vulnsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns

Trust: 0.8

title:Cisco Identity Services Engine Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85426

Trust: 0.6

sources: JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212

EXTERNAL IDS

db:NVDid:CVE-2018-15424

Trust: 2.5

db:SECTRACKid:1041792

Trust: 1.7

db:JVNDBid:JVNDB-2018-011420

Trust: 0.8

db:CNNVDid:CNNVD-201810-212

Trust: 0.7

db:VULHUBid:VHN-125682

Trust: 0.1

sources: VULHUB: VHN-125682 // JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212 // NVD: CVE-2018-15424

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-ise-mult-vulns

Trust: 1.7

url:http://www.securitytracker.com/id/1041792

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15424

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15424

Trust: 0.8

sources: VULHUB: VHN-125682 // JVNDB: JVNDB-2018-011420 // CNNVD: CNNVD-201810-212 // NVD: CVE-2018-15424

SOURCES

db:VULHUBid:VHN-125682
db:JVNDBid:JVNDB-2018-011420
db:CNNVDid:CNNVD-201810-212
db:NVDid:CVE-2018-15424

LAST UPDATE DATE

2024-08-14T15:18:14.980000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125682date:2020-09-16T00:00:00
db:JVNDBid:JVNDB-2018-011420date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-212date:2020-09-17T00:00:00
db:NVDid:CVE-2018-15424date:2020-09-16T13:22:45.870

SOURCES RELEASE DATE

db:VULHUBid:VHN-125682date:2018-10-05T00:00:00
db:JVNDBid:JVNDB-2018-011420date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-212date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15424date:2018-10-05T14:29:11.077