ID

VAR-201811-0174


CVE

CVE-2018-15381


TITLE

Cisco Unity Express Vulnerable to Deserialization of Untrusted Data

Trust: 0.8

sources: JVNDB: JVNDB-2018-013968

DESCRIPTION

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Unity Express is prone to an arbitrary command-execution vulnerability. Cisco Unity Express versions prior to 9.0.6 are vulnerable. The product includes features such as voicemail and Interactive Voice Response (IVR).

Trust: 2.07

sources: NVD: CVE-2018-15381 // JVNDB: JVNDB-2018-013968 // BID: 105876 // VULHUB: VHN-125635 // VULMON: CVE-2018-15381

AFFECTED PRODUCTS

vendor: cisco, model: unity express, scope: lt, version: 9.0.6

Trust: 1.0

vendor: cisco, model: unity express software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unity express, scope: eq, version: 9.0

Trust: 0.3

vendor: cisco, model: unity express, scope: eq, version: 9.0(3)

Trust: 0.3

vendor: cisco, model: unity express, scope: ne, version: 9.0.6

Trust: 0.3

sources: BID: 105876 // JVNDB: JVNDB-2018-013968 // NVD: CVE-2018-15381

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-15381
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15381
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15381
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201811-181
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125635
value: HIGH

Trust: 0.1

VULMON: CVE-2018-15381
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-15381
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125635
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-15381
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125635 // VULMON: CVE-2018-15381 // JVNDB: JVNDB-2018-013968 // CNNVD: CNNVD-201811-181 // NVD: CVE-2018-15381 // NVD: CVE-2018-15381

PROBLEMTYPE DATA

problemtype: CWE-502

Trust: 1.9

sources: VULHUB: VHN-125635 // JVNDB: JVNDB-2018-013968 // NVD: CVE-2018-15381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-181

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-181

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013968

PATCH

title: cisco-sa-20181107-cue, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Trust: 0.8

title: Cisco Unity Express Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86653

Trust: 0.6

title: Cisco: Cisco Unity Express Arbitrary Command Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20181107-cue

Trust: 0.1

title: Java-Deserialization-Cheat-Sheet, url: https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

Trust: 0.1

title: Java-Deserialization-CVEs, url: https://github.com/PalindromeLabs/Java-Deserialization-CVEs

Trust: 0.1

title: Threatpost, url: https://threatpost.com/cisco-accidentally-released-dirty-cow-exploit-code-in-software/138888/

Trust: 0.1

sources: VULMON: CVE-2018-15381 // JVNDB: JVNDB-2018-013968 // CNNVD: CNNVD-201811-181

EXTERNAL IDS

db: NVD, id: CVE-2018-15381

Trust: 2.9

db: BID, id: 105876

Trust: 2.1

db: SECTRACK, id: 1042130

Trust: 1.8

db: JVNDB, id: JVNDB-2018-013968

Trust: 0.8

db: CNNVD, id: CNNVD-201811-181

Trust: 0.7

db: VULHUB, id: VHN-125635

Trust: 0.1

db: VULMON, id: CVE-2018-15381

Trust: 0.1

sources: VULHUB: VHN-125635 // VULMON: CVE-2018-15381 // BID: 105876 // JVNDB: JVNDB-2018-013968 // CNNVD: CNNVD-201811-181 // NVD: CVE-2018-15381

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-cue

Trust: 2.2

url: http://www.securityfocus.com/bid/105876

Trust: 1.9

url: http://www.securitytracker.com/id/1042130

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15381

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-15381

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/cisco-accidentally-released-dirty-cow-exploit-code-in-software/138888/

Trust: 0.1

sources: VULHUB: VHN-125635 // VULMON: CVE-2018-15381 // BID: 105876 // JVNDB: JVNDB-2018-013968 // CNNVD: CNNVD-201811-181 // NVD: CVE-2018-15381

CREDITS

Cisco would like to thank Joshua Graham of TSS for reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201811-181

SOURCES

db: VULHUB, id: VHN-125635
db: VULMON, id: CVE-2018-15381
db: BID, id: 105876
db: JVNDB, id: JVNDB-2018-013968
db: CNNVD, id: CNNVD-201811-181
db: NVD, id: CVE-2018-15381

LAST UPDATE DATE

2024-11-23T22:38:02.114000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125635, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-15381, date: 2019-10-09T00:00:00
db: BID, id: 105876, date: 2018-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-013968, date: 2019-03-07T00:00:00
db: CNNVD, id: CNNVD-201811-181, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15381, date: 2024-11-21T03:50:40.100

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125635, date: 2018-11-08T00:00:00
db: VULMON, id: CVE-2018-15381, date: 2018-11-08T00:00:00
db: BID, id: 105876, date: 2018-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-013968, date: 2019-03-07T00:00:00
db: CNNVD, id: CNNVD-201811-181, date: 2018-11-08T00:00:00
db: NVD, id: CVE-2018-15381, date: 2018-11-08T16:29:00.277