Details of VAR-201810-0595

ID

VAR-201810-0595

CVE

CVE-2018-15425

TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011421

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. Cisco Identity Services Engine (ISE) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Identity Services Engine (ISE) is an identity-based context-aware platform (ISE Identity Services Engine) from Cisco. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An input validation vulnerability exists in the web-based management interface in Cisco ISE

Trust: 1.71

sources: NVD: CVE-2018-15425 // JVNDB: JVNDB-2018-011421 // VULHUB: VHN-125683

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.2\(0.909\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.1\(0.474\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.2\(0.470\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.3\(0.905\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.3\(0.298\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4\(0.357\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4\(0.904\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.1\(0.907\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15425
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15425
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-213
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125683
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15425
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125683
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15425
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-15425
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-502	Trust: 1.1

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // NVD: CVE-2018-15425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-213

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-213

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011421

PATCH

title:	cisco-sa-20181003-ise-mult-vulns	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns	Trust: 0.8
title:	Cisco Identity Services Engine Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85427	Trust: 0.6

sources: JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15425	Trust: 2.5
db:	SECTRACK	id:	1041792	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-011421	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-213	Trust: 0.7
db:	VULHUB	id:	VHN-125683	Trust: 0.1

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-ise-mult-vulns	Trust: 1.7
url:	http://www.securitytracker.com/id/1041792	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15425	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15425	Trust: 0.8

sources: VULHUB: VHN-125683 // JVNDB: JVNDB-2018-011421 // CNNVD: CNNVD-201810-213 // NVD: CVE-2018-15425

SOURCES

db:	VULHUB	id:	VHN-125683
db:	JVNDB	id:	JVNDB-2018-011421
db:	CNNVD	id:	CNNVD-201810-213
db:	NVD	id:	CVE-2018-15425

LAST UPDATE DATE

2024-08-14T15:18:14.953000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125683	date:	2020-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-011421	date:	2019-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201810-213	date:	2020-09-17T00:00:00
db:	NVD	id:	CVE-2018-15425	date:	2020-09-16T13:17:32.100

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125683	date:	2018-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-011421	date:	2019-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201810-213	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-15425	date:	2018-10-05T14:29:11.187