ID

VAR-201810-0595


CVE

CVE-2018-15425


TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011421

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. Cisco Identity Services Engine (ISE) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Identity Services Engine (ISE) is an identity-based context-aware platform (ISE Identity Services Engine) from Cisco. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An input validation vulnerability exists in the web-based management interface in Cisco ISE

Trust: 1.71

sources: NVD: CVE-2018-15425 // JVNDB: JVNDB-2018-011421 // VULHUB: VHN-125683

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.2\(0.909\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.1\(0.474\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.2\(0.470\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.3\(0.905\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.3\(0.298\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.4\(0.357\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.4\(0.904\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope:eqversion:2.1\(0.907\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15425
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15425
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-213
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125683
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15425
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125683
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15425
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-15425
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-502

Trust: 1.1

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // NVD: CVE-2018-15425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-213

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-213

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011421

PATCH

title:cisco-sa-20181003-ise-mult-vulnsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns

Trust: 0.8

title:Cisco Identity Services Engine Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85427

Trust: 0.6

sources: JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213

EXTERNAL IDS

db:NVDid:CVE-2018-15425

Trust: 2.5

db:SECTRACKid:1041792

Trust: 1.7

db:JVNDBid:JVNDB-2018-011421

Trust: 0.8

db:CNNVDid:CNNVD-201810-213

Trust: 0.7

db:VULHUBid:VHN-125683

Trust: 0.1

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-ise-mult-vulns

Trust: 1.7

url:http://www.securitytracker.com/id/1041792

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15425

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15425

Trust: 0.8

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

SOURCES

db:VULHUBid:VHN-125683
db:JVNDBid:JVNDB-2018-011421
db:CNNVDid:CNNVD-201810-213
db:NVDid:CVE-2018-15425

LAST UPDATE DATE

2024-08-14T15:18:14.953000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125683date:2020-09-16T00:00:00
db:JVNDBid:JVNDB-2018-011421date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-213date:2020-09-17T00:00:00
db:NVDid:CVE-2018-15425date:2020-09-16T13:17:32.100

SOURCES RELEASE DATE

db:VULHUBid:VHN-125683date:2018-10-05T00:00:00
db:JVNDBid:JVNDB-2018-011421date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-213date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15425date:2018-10-05T14:29:11.187