ID

VAR-201901-0711


CVE

CVE-2018-0187


TITLE

Cisco Identity Services Engine Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-001427

DESCRIPTION

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system. This may lead to further attacks. This issue being tracked by Cisco Bug ID CSCvm13822. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. Admin portal is one of the management portals

Trust: 1.98

sources: NVD: CVE-2018-0187 // JVNDB: JVNDB-2019-001427 // BID: 106717 // VULHUB: VHN-118389

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.4\(0.901.1\)

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.4\(0.901\)

Trust: 1.0

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services enginescope:eqversion:2.4(0.901.1)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:2.4(0.901)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:neversion:2.4(0.904)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:neversion:2.2(0.911)

Trust: 0.3

sources: BID: 106717 // JVNDB: JVNDB-2019-001427 // NVD: CVE-2018-0187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0187
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0187
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0187
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-845
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118389
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0187
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118389
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0187
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118389 // JVNDB: JVNDB-2019-001427 // CNNVD: CNNVD-201901-845 // NVD: CVE-2018-0187 // NVD: CVE-2018-0187

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-118389 // JVNDB: JVNDB-2019-001427 // NVD: CVE-2018-0187

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-845

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-845

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001427

PATCH

title:cisco-sa-20190123-ise-info-disclosureurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure

Trust: 0.8

title:Cisco Identity Services Engine Admin portal Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88927

Trust: 0.6

sources: JVNDB: JVNDB-2019-001427 // CNNVD: CNNVD-201901-845

EXTERNAL IDS

db:NVDid:CVE-2018-0187

Trust: 2.8

db:BIDid:106717

Trust: 2.0

db:JVNDBid:JVNDB-2019-001427

Trust: 0.8

db:CNNVDid:CNNVD-201901-845

Trust: 0.7

db:NSFOCUSid:43509

Trust: 0.6

db:VULHUBid:VHN-118389

Trust: 0.1

sources: VULHUB: VHN-118389 // BID: 106717 // JVNDB: JVNDB-2019-001427 // CNNVD: CNNVD-201901-845 // NVD: CVE-2018-0187

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-ise-info-disclosure

Trust: 2.0

url:http://www.securityfocus.com/bid/106717

Trust: 1.7

url:http://www.cisco.com/en/us/products/ps11640/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0187

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0187

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43509

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118389 // BID: 106717 // JVNDB: JVNDB-2019-001427 // CNNVD: CNNVD-201901-845 // NVD: CVE-2018-0187

CREDITS

Cisco ?? ??,Kaung Htet Aung of Grab .,Cisco,This vulnerability was found during the resolution of a Cisco TAC support case.

Trust: 0.6

sources: CNNVD: CNNVD-201901-845

SOURCES

db:VULHUBid:VHN-118389
db:BIDid:106717
db:JVNDBid:JVNDB-2019-001427
db:CNNVDid:CNNVD-201901-845
db:NVDid:CVE-2018-0187

LAST UPDATE DATE

2024-11-23T22:51:52.829000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118389date:2019-10-09T00:00:00
db:BIDid:106717date:2019-06-17T11:00:00
db:JVNDBid:JVNDB-2019-001427date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-845date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0187date:2024-11-21T03:37:41.510

SOURCES RELEASE DATE

db:VULHUBid:VHN-118389date:2019-01-23T00:00:00
db:BIDid:106717date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001427date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-845date:2019-01-24T00:00:00
db:NVDid:CVE-2018-0187date:2019-01-23T22:29:00.290