ID

VAR-201810-0617


CVE

CVE-2018-15401


TITLE

Cisco Hosted Collaboration Mediation Fulfillment vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2018-013488

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCvj07142 and CSCvk13368. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F.

Trust: 1.98

sources: NVD: CVE-2018-15401 // JVNDB: JVNDB-2018-013488 // BID: 105706 // VULHUB: VHN-125657

AFFECTED PRODUCTS

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: eq, version: 11.5(3)

Trust: 1.6

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: eq, version: 11.5(2)

Trust: 1.6

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: eq, version: 12.5(1)

Trust: 1.6

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: -, version: -

Trust: 0.8

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: eq, version: 0

Trust: 0.3

sources: BID: 105706 // JVNDB: JVNDB-2018-013488 // CNNVD: CNNVD-201810-193 // NVD: CVE-2018-15401

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-15401
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15401
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-193
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125657
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-15401
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125657
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-15401
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125657 // JVNDB: JVNDB-2018-013488 // CNNVD: CNNVD-201810-193 // NVD: CVE-2018-15401

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-125657 // JVNDB: JVNDB-2018-013488 // NVD: CVE-2018-15401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-193

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201810-193

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013488

PATCH

title: cisco-sa-20181003-hcmf-csrf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hcmf-csrf

Trust: 0.8

title: Cisco Hosted Collaboration Mediation Fulfillment Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85407

Trust: 0.6

sources: JVNDB: JVNDB-2018-013488 // CNNVD: CNNVD-201810-193

EXTERNAL IDS

db: NVD, id: CVE-2018-15401

Trust: 2.8

db: JVNDB, id: JVNDB-2018-013488

Trust: 0.8

db: CNNVD, id: CNNVD-201810-193

Trust: 0.7

db: BID, id: 105706

Trust: 0.3

db: VULHUB, id: VHN-125657

Trust: 0.1

sources: VULHUB: VHN-125657 // BID: 105706 // JVNDB: JVNDB-2018-013488 // CNNVD: CNNVD-201810-193 // NVD: CVE-2018-15401

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-hcmf-csrf

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15401

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15401

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-125657 // BID: 105706 // JVNDB: JVNDB-2018-013488 // CNNVD: CNNVD-201810-193 // NVD: CVE-2018-15401

CREDITS

Cisco

Trust: 0.3

sources: BID: 105706

SOURCES

db: VULHUB, id: VHN-125657
db: BID, id: 105706
db: JVNDB, id: JVNDB-2018-013488
db: CNNVD, id: CNNVD-201810-193
db: NVD, id: CVE-2018-15401

LAST UPDATE DATE

2024-11-23T23:08:34.197000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125657, date: 2019-10-09T00:00:00
db: BID, id: 105706, date: 2018-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-013488, date: 2019-02-21T00:00:00
db: CNNVD, id: CNNVD-201810-193, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15401, date: 2024-11-21T03:50:42.623

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125657, date: 2018-10-05T00:00:00
db: BID, id: 105706, date: 2018-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-013488, date: 2019-02-21T00:00:00
db: CNNVD, id: CNNVD-201810-193, date: 2018-10-08T00:00:00
db: NVD, id: CVE-2018-15401, date: 2018-10-05T14:29:08.543