CVE-2018-0462
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-09-17 01:20
Severity ?
EPSS score ?
Summary
Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/105291 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1 | Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Enterprise NFV Infrastructure Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:28:09.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20180905 Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1" }, { "name": "105291", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105291" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Enterprise NFV Infrastructure Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20180905 Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1" }, { "name": "105291", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105291" } ], "source": { "advisory": "cisco-sa-20180905-nfvis-dos1", "defect": [ [ "CSCvi09672" ] ], "discovery": "UNKNOWN" }, "title": "Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-05T16:00:00-0500", "ID": "CVE-2018-0462", "STATE": "PUBLIC", "TITLE": "Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Enterprise NFV Infrastructure Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system." } ] }, "impact": { "cvss": { "baseScore": "4.9", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20180905 Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1" }, { "name": "105291", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105291" } ] }, "source": { "advisory": "cisco-sa-20180905-nfvis-dos1", "defect": [ [ "CSCvi09672" ] ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0462", "datePublished": "2018-10-05T14:00:00Z", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-09-17T01:20:57.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-0462\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2018-10-05T14:29:04.137\",\"lastModified\":\"2019-10-09T23:32:08.367\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funcionalidad de gesti\u00f3n de usuarios de Cisco Enterprise NFV Infrastructure Software (NFVIS) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de denegaci\u00f3n de servicio (DoS) contra un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad iniciando sesi\u00f3n con una cuenta de usuario con privilegios altos y realizando una secuencia de operaciones de gesti\u00f3n de usuarios espec\u00edficas que interfieran con el sistema operativo subyacente. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante degrade permanentemente la funcionalidad del sistema afectado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:enterprise_network_virtualization_software:nfvis-6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62321232-048A-4A3E-8F72-52D8790CC3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:enterprise_network_virtualization_software:nfvis-8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"060E1969-C4EB-4E8A-9007-984C89D8A853\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105291\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.