ID

VAR-201810-0621


CVE

CVE-2018-15405


TITLE

Cisco Integrated Management Controller Supervisor and UCS Director Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-013489

DESCRIPTION

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks. Multiple Cisco Products are prone to an information-disclosure vulnerability. This issue is being tracked by Cisco Bug IDs CSCvj95420 and CSCvk10260. UCS Director Software is a converged infrastructure management solution

Trust: 1.98

sources: NVD: CVE-2018-15405 // JVNDB: JVNDB-2018-013489 // BID: 105708 // VULHUB: VHN-125661

AFFECTED PRODUCTS

vendor: cisco // model: ucs director // scope: eq // version: 6.6\(1.0\)

Trust: 1.6

vendor: cisco // model: ucs director // scope: eq // version: 2.1\(0.0\)

Trust: 1.6

vendor: cisco // model: ucs director // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs director // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: integrated management controller supervisor software // scope: eq // version: 0

Trust: 0.3

sources: BID: 105708 // JVNDB: JVNDB-2018-013489 // CNNVD: CNNVD-201810-196 // NVD: CVE-2018-15405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15405
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15405
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-196
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125661
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15405
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125661
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15405
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-15405
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125661 // JVNDB: JVNDB-2018-013489 // CNNVD: CNNVD-201810-196 // NVD: CVE-2018-15405

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-285

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-125661 // JVNDB: JVNDB-2018-013489 // NVD: CVE-2018-15405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-196

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013489

PATCH

title: cisco-sa-20181003-imcs-ucsd-id // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-id

Trust: 0.8

title: Cisco Integrated Management Controller Supervisor and Director Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85410

Trust: 0.6

sources: JVNDB: JVNDB-2018-013489 // CNNVD: CNNVD-201810-196

EXTERNAL IDS

db: NVD // id: CVE-2018-15405

Trust: 2.8

db: SECTRACK // id: 1041779

Trust: 1.7

db: JVNDB // id: JVNDB-2018-013489

Trust: 0.8

db: CNNVD // id: CNNVD-201810-196

Trust: 0.7

db: BID // id: 105708

Trust: 0.3

db: VULHUB // id: VHN-125661

Trust: 0.1

sources: VULHUB: VHN-125661 // BID: 105708 // JVNDB: JVNDB-2018-013489 // CNNVD: CNNVD-201810-196 // NVD: CVE-2018-15405

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-imcs-ucsd-id

Trust: 2.0

url:http://www.securitytracker.com/id/1041779

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15405

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15405

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125661 // BID: 105708 // JVNDB: JVNDB-2018-013489 // CNNVD: CNNVD-201810-196 // NVD: CVE-2018-15405

CREDITS

Cisco

Trust: 0.3

sources: BID: 105708

SOURCES

db: VULHUB // id: VHN-125661
db: BID // id: 105708
db: JVNDB // id: JVNDB-2018-013489
db: CNNVD // id: CNNVD-201810-196
db: NVD // id: CVE-2018-15405

LAST UPDATE DATE

2024-11-23T23:02:00.354000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-125661 // date: 2020-08-31T00:00:00
db: BID // id: 105708 // date: 2018-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-013489 // date: 2019-02-21T00:00:00
db: CNNVD // id: CNNVD-201810-196 // date: 2020-10-22T00:00:00
db: NVD // id: CVE-2018-15405 // date: 2024-11-21T03:50:43.180

SOURCES RELEASE DATE

db: VULHUB // id: VHN-125661 // date: 2018-10-05T00:00:00
db: BID // id: 105708 // date: 2018-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-013489 // date: 2019-02-21T00:00:00
db: CNNVD // id: CNNVD-201810-196 // date: 2018-10-08T00:00:00
db: NVD // id: CVE-2018-15405 // date: 2018-10-05T14:29:08.903