ID

VAR-201810-0607


CVE

CVE-2018-15438


TITLE

Cisco Prime Collaboration Assurance Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2018-013817

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser to perform arbitrary actions with the privileges of the user on an affected system. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvj07251. The Cisco Prime Collaboration Assurance solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites.

Trust: 1.98

sources: NVD: CVE-2018-15438 // JVNDB: JVNDB-2018-013817 // BID: 105670 // VULHUB: VHN-125697

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 12.1

Trust: 1.0

vendor: cisco, model: prime collaboration assurance, scope: -, version: -

Trust: 0.8

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 0

Trust: 0.3

sources: BID: 105670 // JVNDB: JVNDB-2018-013817 // NVD: CVE-2018-15438

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-15438
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15438
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15438
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-981
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125697
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-15438
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125697
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-15438
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125697 // JVNDB: JVNDB-2018-013817 // CNNVD: CNNVD-201810-981 // NVD: CVE-2018-15438 // NVD: CVE-2018-15438

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-125697 // JVNDB: JVNDB-2018-013817 // NVD: CVE-2018-15438

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-981

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201810-981

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013817

PATCH

title: cisco-sa-20181017-cpca-csrf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-cpca-csrf

Trust: 0.8

sources: JVNDB: JVNDB-2018-013817

EXTERNAL IDS

db: NVD, id: CVE-2018-15438

Trust: 2.8

db: BID, id: 105670

Trust: 2.0

db: SECTRACK, id: 1041930

Trust: 1.7

db: JVNDB, id: JVNDB-2018-013817

Trust: 0.8

db: CNNVD, id: CNNVD-201810-981

Trust: 0.7

db: VULHUB, id: VHN-125697

Trust: 0.1

sources: VULHUB: VHN-125697 // BID: 105670 // JVNDB: JVNDB-2018-013817 // CNNVD: CNNVD-201810-981 // NVD: CVE-2018-15438

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181017-cpca-csrf

Trust: 2.0

url:http://www.securityfocus.com/bid/105670

Trust: 1.7

url:http://www.securitytracker.com/id/1041930

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15438

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15438

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125697 // BID: 105670 // JVNDB: JVNDB-2018-013817 // CNNVD: CNNVD-201810-981 // NVD: CVE-2018-15438

CREDITS

Cisco

Trust: 0.3

sources: BID: 105670

SOURCES

db: VULHUB, id: VHN-125697
db: BID, id: 105670
db: JVNDB, id: JVNDB-2018-013817
db: CNNVD, id: CNNVD-201810-981
db: NVD, id: CVE-2018-15438

LAST UPDATE DATE

2024-11-23T22:55:43.329000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125697, date: 2019-10-09T00:00:00
db: BID, id: 105670, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2018-013817, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201810-981, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15438, date: 2024-11-21T03:50:48.027

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125697, date: 2018-10-17T00:00:00
db: BID, id: 105670, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2018-013817, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201810-981, date: 2018-10-18T00:00:00
db: NVD, id: CVE-2018-15438, date: 2018-10-17T22:29:00.833