ID

VAR-201810-0603


CVE

CVE-2018-15433


TITLE

Cisco Prime Infrastructure Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-011127

DESCRIPTION

A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Cisco Prime Infrastructure Contains an information disclosure vulnerability.Information may be obtained. This issue is being tracked by Cisco bug ID CSCvg93152

Trust: 1.98

sources: NVD: CVE-2018-15433 // JVNDB: JVNDB-2018-011127 // BID: 105562 // VULHUB: VHN-125692

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion:3.2

Trust: 1.6

vendor:ciscomodel:prime infrastructurescope: - version: -

Trust: 0.8

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

sources: BID: 105562 // JVNDB: JVNDB-2018-011127 // CNNVD: CNNVD-201810-220 // NVD: CVE-2018-15433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15433
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15433
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-220
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125692
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15433
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125692
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15433
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125692 // JVNDB: JVNDB-2018-011127 // CNNVD: CNNVD-201810-220 // NVD: CVE-2018-15433

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-125692 // JVNDB: JVNDB-2018-011127 // NVD: CVE-2018-15433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-220

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-220

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011127

PATCH

title:cisco-sa-20181003-prime-idurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-prime-id

Trust: 0.8

title:Cisco Prime Infrastructure Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85434

Trust: 0.6

sources: JVNDB: JVNDB-2018-011127 // CNNVD: CNNVD-201810-220

EXTERNAL IDS

db:NVDid:CVE-2018-15433

Trust: 2.8

db:BIDid:105562

Trust: 2.0

db:JVNDBid:JVNDB-2018-011127

Trust: 0.8

db:CNNVDid:CNNVD-201810-220

Trust: 0.7

db:VULHUBid:VHN-125692

Trust: 0.1

sources: VULHUB: VHN-125692 // BID: 105562 // JVNDB: JVNDB-2018-011127 // CNNVD: CNNVD-201810-220 // NVD: CVE-2018-15433

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-prime-id

Trust: 2.0

url:http://www.securityfocus.com/bid/105562

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15433

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15433

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125692 // BID: 105562 // JVNDB: JVNDB-2018-011127 // CNNVD: CNNVD-201810-220 // NVD: CVE-2018-15433

CREDITS

Cisco

Trust: 0.3

sources: BID: 105562

SOURCES

db:VULHUBid:VHN-125692
db:BIDid:105562
db:JVNDBid:JVNDB-2018-011127
db:CNNVDid:CNNVD-201810-220
db:NVDid:CVE-2018-15433

LAST UPDATE DATE

2024-11-23T22:30:12.834000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125692date:2019-10-09T00:00:00
db:BIDid:105562date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011127date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-220date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15433date:2024-11-21T03:50:47.250

SOURCES RELEASE DATE

db:VULHUBid:VHN-125692date:2018-10-05T00:00:00
db:BIDid:105562date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011127date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-220date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15433date:2018-10-05T14:29:12.137