cnvd - cnvd-2018-17679

CNVD-2018-17679

Vulnerability from cnvd - Published: 2018-09-06

Title

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module权限提升漏洞

Description

Umbrella Roaming是思科下一代防火墙的云端安全服务。 Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module存在权限提升漏洞，该漏洞源于文件系统权限的未正确实现，允许非管理用户将文件放在受限目录中。攻击者可以通过在受限目录中放置可执行文件来利用此漏洞，该目录在由ERC客户端执行时将以管理员权限运行。

Severity

中

Patch Name

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module权限提升漏洞的补丁

Patch Description

Formal description

思科发布了解决此漏洞的软件更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv

Impacted products

Name
['Cisco Umbrella ERC <2.1.118', 'Cisco Umbrella Roaming Module <4.6.1098']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0437"
    }
  },
  "description": "Umbrella Roaming\u662f\u601d\u79d1\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u7684\u4e91\u7aef\u5b89\u5168\u670d\u52a1\u3002\r\n\r\nCisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6\u7cfb\u7edf\u6743\u9650\u7684\u672a\u6b63\u786e\u5b9e\u73b0\uff0c\u5141\u8bb8\u975e\u7ba1\u7406\u7528\u6237\u5c06\u6587\u4ef6\u653e\u5728\u53d7\u9650\u76ee\u5f55\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5728\u53d7\u9650\u76ee\u5f55\u4e2d\u653e\u7f6e\u53ef\u6267\u884c\u6587\u4ef6\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u8be5\u76ee\u5f55\u5728\u7531ERC\u5ba2\u6237\u7aef\u6267\u884c\u65f6\u5c06\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u8fd0\u884c\u3002",
  "discovererName": "Quentin Rhoads",
  "formalWay": "\u601d\u79d1\u53d1\u5e03\u4e86\u89e3\u51b3\u6b64\u6f0f\u6d1e\u7684\u8f6f\u4ef6\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17679",
  "openTime": "2018-09-06",
  "patchDescription": "Umbrella Roaming\u662f\u601d\u79d1\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u7684\u4e91\u7aef\u5b89\u5168\u670d\u52a1\u3002\r\n\r\nCisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6\u7cfb\u7edf\u6743\u9650\u7684\u672a\u6b63\u786e\u5b9e\u73b0\uff0c\u5141\u8bb8\u975e\u7ba1\u7406\u7528\u6237\u5c06\u6587\u4ef6\u653e\u5728\u53d7\u9650\u76ee\u5f55\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5728\u53d7\u9650\u76ee\u5f55\u4e2d\u653e\u7f6e\u53ef\u6267\u884c\u6587\u4ef6\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u8be5\u76ee\u5f55\u5728\u7531ERC\u5ba2\u6237\u7aef\u6267\u884c\u65f6\u5c06\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u8fd0\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Umbrella ERC \u003c2.1.118",
      "Cisco Umbrella Roaming Module \u003c4.6.1098"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-06",
  "title": "Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-0437 (GCVE-0-2018-0437)

Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:43

Summary

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.

Severity ?

No CVSS data available.

CWE

CWE-264

Assigner

cisco

References

URL

Tags

	https://www.exploit-db.com/exploits/45339/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/105292	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Umbrella	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:10.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45339",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45339/"
          },
          {
            "name": "105292",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105292"
          },
          {
            "name": "20180905 Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0437",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:51:38.478945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:43:17.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Umbrella",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "45339",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45339/"
        },
        {
          "name": "105292",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105292"
        },
        {
          "name": "20180905 Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180905-umbrella-priv",
        "defect": [
          [
            "CSCvj46275",
            "CSCvj48400"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
          "ID": "CVE-2018-0437",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Umbrella",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.8",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45339",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45339/"
            },
            {
              "name": "105292",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105292"
            },
            {
              "name": "20180905 Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180905-umbrella-priv",
          "defect": [
            [
              "CSCvj46275",
              "CSCvj48400"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0437",
    "datePublished": "2018-10-05T14:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:43:17.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-17679

CVE-2018-0437 (GCVE-0-2018-0437)

Tags

Sightings

Nomenclature