Vulnerabilites related to cisco - rv180w_firmware
Vulnerability from fkie_nvd
Published
2017-10-12 15:29
Modified
2024-11-21 02:34
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ciIssue Tracking, Patch, Vendor Advisory
ykramarz@cisco.comhttp://www.kb.cert.org/vuls/id/566724Third Party Advisory, US Government Resource
ykramarz@cisco.comhttp://www.securityfocus.com/bid/78047Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1034255Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1034256Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1034257Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1034258Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ciIssue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/566724Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/78047Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034255Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034256Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034257Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034258Third Party Advisory, VDB Entry



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F503CBF1-C2FB-40ED-8DA4-85F233EC4F8F",
                     versionEndIncluding: "1.3.1.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7596F6D4-10DA-4F29-95AD-75B60F4670D6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE1BC6E1-8A83-438F-AE33-3AAED7DF1CBE",
                     versionEndIncluding: "1.3.1.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3435D601-EDA8-49FF-8841-EA6DF1518C75",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7881E4BC-6590-49C0-88C4-A21F2BE2B4FE",
                     versionEndIncluding: "2.0.3.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC30BCF7-FA1A-44B3-8C58-17DFA939E7C7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9D1511-2B20-4013-9504-0FE9A9B5220C",
                     versionEndIncluding: "2.0.1.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wrv210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA20862-B235-4230-8861-A59CF62CC65E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB758D90-1888-42E3-9305-82F59D9C1891",
                     versionEndIncluding: "2.0.7.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFF89AC2-2A85-463C-A644-B3FA31A470FA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*",
                     matchCriteriaId: "57B0AF22-058C-4273-8A3F-744692DFB77E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wrv200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F73575BC-B0E8-49A5-8E68-4D9B3109029D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A1D37CC-A650-496D-B66B-62F69EFFFCCC",
                     versionEndIncluding: "2.0.2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC842A29-7A55-4474-B5AD-A6813FE16A7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wap200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBC035F1-83DE-47F1-BF2D-72FE32E926BC",
                     versionEndIncluding: "2.0.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wap200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD50A4C8-8E79-4D0B-8D23-88425EFE9234",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6F6D758-4D48-4D16-B54C-08F924D8623C",
                     versionEndIncluding: "1.1.2.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wvc2300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1122B4F-87D0-4030-9C4C-E811BBEAC51F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "24B3D0D5-BA35-44A7-A9AC-EFC38638424E",
                     versionEndIncluding: "1.1.2.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:pvc2300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "35B259F8-E3F8-44D0-9EDB-BC686F239CF6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72473F9C-4AD6-47AE-9568-D7451EB8DD09",
                     versionEndIncluding: "2.0.2.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:srw224p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B559090-2CB3-41E6-B9C8-EB83FC7AFE54",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wet200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B80159-909F-4B59-9DC6-34C1E508FCD1",
                     versionEndIncluding: "2.0.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wet200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "565A92B8-DF55-4F7D-B312-E1870728F27A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3751819E-FF92-4540-93D2-2D8F8427D826",
                     versionEndIncluding: "2.0.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wap2000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4844B66-4D3A-4526-87A3-6C45B9360691",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wap4400n_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C17056F7-933C-45AD-8F75-64E4B9ADFB55",
                     versionEndIncluding: "-",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wap4400n:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D47B755E-277A-4FF5-B005-C7F28B191D6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "34E8DF08-06D6-46EE-AE4A-8FA11D3E1FB9",
                     versionEndIncluding: "1.0.5.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "40465CA8-BE8B-4F15-8578-D8972C241D84",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A27C46AD-51E7-463F-A296-D4C6DF9B01F7",
                     versionEndIncluding: "1.0.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8BD67F3-98CE-4B03-8980-6791B753FDC9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA690405-6AB8-4503-90AB-0B25F50F4776",
                     versionEndIncluding: "1.0.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv315w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EEDA17A-529D-455C-B608-DFCFEC4DD448",
                     versionEndIncluding: "1.01.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv315w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7B47D7-4D6B-43BF-BF1C-E89C781DDD14",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:srp520_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "857DB576-9674-42E1-B122-0ACCD696818F",
                     versionEndIncluding: "1.01.29",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:srp520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEE62C2A-30E6-4E0F-AC84-1A75F5032D22",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F87C7EB8-4AF8-484E-B90F-B5E2C77D7679",
                     versionEndIncluding: "1.2.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:srp520-u:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4A12DCA-F804-4CC1-B1FE-EF4A182A9722",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "67487247-39A1-4EF9-A451-3A2585CC7D54",
                     versionEndIncluding: "1.0.1.002",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:wrp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "78DAF22A-9A5A-4E55-AF0F-ED9969610411",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:spa400_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "26067A0B-6752-4008-A021-57A76AC84F26",
                     versionEndIncluding: "1.1.2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:spa400:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A20F9B77-999F-4B2E-8894-6D6AED4A92CC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rtp300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "114E7DD2-5C5F-40A2-A795-FF75FACB4567",
                     versionEndIncluding: "3.1.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rtp300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "78E72C11-E53D-4E29-802A-002F0229C158",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9C4E5A6-88BB-4758-8222-369BAE95C14B",
                     versionEndIncluding: "1.0.4.17",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8620DFD9-E280-464E-91FF-2E901EDD49C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.",
      },
      {
         lang: "es",
         value: "Múltiples dispositivos con software de Cisco incorporado utilizan certificados X.509 embebidos y claves de host SSH embebidas en el firmware, lo que permite que atacantes remotos superen los mecanismos de protección criptográfica y realicen ataques Man-in-the-Middle (MitM) sabiendo de estos certificados y claves de otra instalación. Esto también se conoce por los siguientes Bug ID: CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899 y CSCuw90913.",
      },
   ],
   id: "CVE-2015-6358",
   lastModified: "2024-11-21T02:34:50.923",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-10-12T15:29:00.217",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/566724",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/78047",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034255",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034256",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034257",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/566724",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/78047",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034255",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034256",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034257",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034258",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-10-05 17:29
Modified
2024-11-21 03:38
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv180w_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D4116FE-D526-4FC6-9BFC-31155D467ADE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv220w_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2FA50FE-0C86-4C7D-B6EF-5A0BF1989DD5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8620DFD9-E280-464E-91FF-2E901EDD49C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el código framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podría permitir que un atacante remoto realice un ataque de salto de directorio en un dispositivo objetivo. Este problema se debe al saneamiento incorrecto de las entradas proporcionadas por el usuario en parámetros de peticiones HTTP que describen nombres de archivo. Un atacante podría explotar esta vulnerabilidad empleando técnicas de salto de directorio para enviar una ruta a la localización de archivo que prefiera.",
      },
   ],
   id: "CVE-2018-0405",
   lastModified: "2024-11-21T03:38:09.590",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-10-05T17:29:00.277",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2015-6358
Vulnerability from cvelistv5
Published
2017-10-12 15:00
Modified
2024-08-06 07:22
Severity ?
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
References
http://www.kb.cert.org/vuls/id/566724third-party-advisory, x_refsource_CERT-VN
http://www.securitytracker.com/id/1034258vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/78047vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1034255vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-civendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1034257vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1034256vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:22:20.764Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "VU#566724",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/566724",
               },
               {
                  name: "1034258",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034258",
               },
               {
                  name: "78047",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/78047",
               },
               {
                  name: "1034255",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034255",
               },
               {
                  name: "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci",
               },
               {
                  name: "1034257",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034257",
               },
               {
                  name: "1034256",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034256",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-12T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "VU#566724",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/566724",
            },
            {
               name: "1034258",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034258",
            },
            {
               name: "78047",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/78047",
            },
            {
               name: "1034255",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034255",
            },
            {
               name: "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci",
            },
            {
               name: "1034257",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034257",
            },
            {
               name: "1034256",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034256",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-6358",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "VU#566724",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/566724",
                  },
                  {
                     name: "1034258",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034258",
                  },
                  {
                     name: "78047",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/78047",
                  },
                  {
                     name: "1034255",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034255",
                  },
                  {
                     name: "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci",
                  },
                  {
                     name: "1034257",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034257",
                  },
                  {
                     name: "1034256",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034256",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-6358",
      datePublished: "2017-10-12T15:00:00",
      dateReserved: "2015-08-17T00:00:00",
      dateUpdated: "2024-08-06T07:22:20.764Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0405
Vulnerability from cvelistv5
Published
2018-10-05 17:00
Modified
2024-11-26 14:26
Severity ?
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.
References
Impacted products
Vendor Product Version
Cisco Cisco RV180W Wireless-N Multifunction VPN Router Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.612Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0405",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-25T18:52:55.448207Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-26T14:26:09.815Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco RV180W Wireless-N Multifunction VPN Router",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-10-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-05T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019",
            },
         ],
         source: {
            advisory: "CSCvk28019",
            defect: [
               [
                  "CSCvk28019",
               ],
            ],
            discovery: "UNKNOWN",
         },
         title: "Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2018-10-03T16:00:00-0500",
               ID: "CVE-2018-0405",
               STATE: "PUBLIC",
               TITLE: "Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco RV180W Wireless-N Multifunction VPN Router",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "7.5",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019",
                     refsource: "CONFIRM",
                     url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019",
                  },
               ],
            },
            source: {
               advisory: "CSCvk28019",
               defect: [
                  [
                     "CSCvk28019",
                  ],
               ],
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0405",
      datePublished: "2018-10-05T17:00:00Z",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-26T14:26:09.815Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}