Sign-up

ID

VAR-201810-0602


CVE

CVE-2018-15432


TITLE

Cisco Prime Infrastructure Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-011126

DESCRIPTION

A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Cisco Prime Infrastructure Contains an information disclosure vulnerability.Information may be obtained. This issue is being tracked by Cisco bug ID CSCvg93148

Trust: 1.98

sources: NVD: CVE-2018-15432 // JVNDB: JVNDB-2018-011126 // BID: 105563 // VULHUB: VHN-125691

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion:3.2

Trust: 1.6

vendor:ciscomodel:prime infrastructurescope: - version: -

Trust: 0.8

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

sources: BID: 105563 // JVNDB: JVNDB-2018-011126 // CNNVD: CNNVD-201810-219 // NVD: CVE-2018-15432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15432
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15432
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125691
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15432
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125691
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15432
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125691 // JVNDB: JVNDB-2018-011126 // CNNVD: CNNVD-201810-219 // NVD: CVE-2018-15432

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-125691 // JVNDB: JVNDB-2018-011126 // NVD: CVE-2018-15432

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-219

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-219

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011126

PATCH
title:cisco-sa-20181003-pi-idurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-id
Trust: 0.8
title:Cisco Prime Infrastructure Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85433
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011126 // 
            
            
            
            CNNVD: CNNVD-201810-219

EXTERNAL IDS
db:NVDid:CVE-2018-15432
Trust: 2.8
db:BIDid:105563
Trust: 2.0
db:JVNDBid:JVNDB-2018-011126
Trust: 0.8
db:CNNVDid:CNNVD-201810-219
Trust: 0.7
db:VULHUBid:VHN-125691
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125691 // 
            
            
            
            BID: 105563 // 
            
            
            
            JVNDB: JVNDB-2018-011126 // 
            
            
            
            CNNVD: CNNVD-201810-219 // 
            
            
            
            NVD: CVE-2018-15432

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-pi-id
Trust: 2.0
url:http://www.securityfocus.com/bid/105563
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15432
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15432
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125691 // 
            
            
            
            BID: 105563 // 
            
            
            
            JVNDB: JVNDB-2018-011126 // 
            
            
            
            CNNVD: CNNVD-201810-219 // 
            
            
            
            NVD: CVE-2018-15432

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 105563

SOURCES
db:VULHUBid:VHN-125691
db:BIDid:105563
db:JVNDBid:JVNDB-2018-011126
db:CNNVDid:CNNVD-201810-219
db:NVDid:CVE-2018-15432

LAST UPDATE DATE
2024-11-23T22:12:18.992000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125691date:2019-10-09T00:00:00
db:BIDid:105563date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011126date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-219date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15432date:2024-11-21T03:50:47.103

SOURCES RELEASE DATE
db:VULHUBid:VHN-125691date:2018-10-05T00:00:00
db:BIDid:105563date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011126date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-219date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15432date:2018-10-05T14:29:12.013