Sign-up

ID

VAR-201901-0451


CVE

CVE-2018-0181


TITLE

Cisco Policy Suite for Mobile and Policy Suite Diameter Routing Agent Vulnerability related to lack of authentication for critical functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-001729

DESCRIPTION

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is tracked by Cisco Bug IDs CSCvf08748 and CSCvk64527

Trust: 1.98

sources: NVD: CVE-2018-0181 // JVNDB: JVNDB-2019-001729 // BID: 106547 // VULHUB: VHN-118383

AFFECTED PRODUCTS

vendor:ciscomodel:policy suite diameter routing agentscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:policy suite for mobilescope:eqversion:13.0.0

Trust: 1.0

vendor:ciscomodel:policy suite diameter routing agentscope: - version: -

Trust: 0.8

vendor:ciscomodel:policy suite for mobilescope: - version: -

Trust: 0.8

vendor:ciscomodel:policy suite for mobilescope:eqversion:13.0

Trust: 0.3

vendor:ciscomodel:policy suite diameter routing agentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:policy suite for mobilescope:neversion:18.3

Trust: 0.3

sources: BID: 106547 // JVNDB: JVNDB-2019-001729 // NVD: CVE-2018-0181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0181
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0181
value: HIGH

Trust: 1.0

NVD: CVE-2018-0181
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-259
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118383
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0181
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118383
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0181
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2018-0181
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118383 // JVNDB: JVNDB-2019-001729 // CNNVD: CNNVD-201901-259 // NVD: CVE-2018-0181 // NVD: CVE-2018-0181

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-118383 // JVNDB: JVNDB-2019-001729 // NVD: CVE-2018-0181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-259

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001729

PATCH
title:cisco-sa-20190109-cps-redisurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cps-redis
Trust: 0.8
title:Cisco Policy Suite for Mobile  and Cisco Policy Suite Diameter Routing Agent Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88442
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001729 // 
            
            
            
            CNNVD: CNNVD-201901-259

EXTERNAL IDS
db:NVDid:CVE-2018-0181
Trust: 2.8
db:BIDid:106547
Trust: 2.0
db:JVNDBid:JVNDB-2019-001729
Trust: 0.8
db:CNNVDid:CNNVD-201901-259
Trust: 0.7
db:VULHUBid:VHN-118383
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118383 // 
            
            
            
            BID: 106547 // 
            
            
            
            JVNDB: JVNDB-2019-001729 // 
            
            
            
            CNNVD: CNNVD-201901-259 // 
            
            
            
            NVD: CVE-2018-0181

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-cps-redis
Trust: 2.0
url:http://www.securityfocus.com/bid/106547
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0181
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0181
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118383 // 
            
            
            
            BID: 106547 // 
            
            
            
            JVNDB: JVNDB-2019-001729 // 
            
            
            
            CNNVD: CNNVD-201901-259 // 
            
            
            
            NVD: CVE-2018-0181

CREDITS
This vulnerability was found during internal security testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201901-259

SOURCES
db:VULHUBid:VHN-118383
db:BIDid:106547
db:JVNDBid:JVNDB-2019-001729
db:CNNVDid:CNNVD-201901-259
db:NVDid:CVE-2018-0181

LAST UPDATE DATE
2024-11-23T22:45:07.547000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118383date:2019-10-09T00:00:00
db:BIDid:106547date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001729date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201901-259date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0181date:2024-11-21T03:37:40.750

SOURCES RELEASE DATE
db:VULHUBid:VHN-118383date:2019-01-10T00:00:00
db:BIDid:106547date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001729date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201901-259date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0181date:2019-01-10T00:29:00.250