cnvd - cnvd-2018-17683

CNVD-2018-17683

Vulnerability from cnvd - Published: 2018-09-06

Title

Cisco Umbrella API未授权访问漏洞

Description

Cisco Umbrella是一个云安全平台。 Cisco Umbrella API存在未授权访问漏洞，该漏洞是由于Cisco Umbrella的API接口的身份验证配置不足，允许经过身份验证的远程攻击者查看和修改其组织和其他组织中的数据。

Severity

低

Patch Name

Cisco Umbrella API未授权访问漏洞的补丁

Patch Description

Cisco Umbrella是一个云安全平台。 Cisco Umbrella API存在未授权访问漏洞，该漏洞是由于Cisco Umbrella的API接口的身份验证配置不足，允许经过身份验证的远程攻击者查看和修改其组织和其他组织中的数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

思科发布了软件更新，解决了该漏洞： https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

Impacted products

Name
Cisco Umbrella

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0435"
    }
  },
  "description": "Cisco Umbrella\u662f\u4e00\u4e2a\u4e91\u5b89\u5168\u5e73\u53f0\u3002\r\n\r\nCisco Umbrella API\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eCisco Umbrella\u7684API\u63a5\u53e3\u7684\u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u4e0d\u8db3\uff0c\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u67e5\u770b\u548c\u4fee\u6539\u5176\u7ec4\u7ec7\u548c\u5176\u4ed6\u7ec4\u7ec7\u4e2d\u7684\u6570\u636e\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u601d\u79d1\u53d1\u5e03\u4e86\u8f6f\u4ef6\u66f4\u65b0\uff0c\u89e3\u51b3\u4e86\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17683",
  "openTime": "2018-09-06",
  "patchDescription": "Cisco Umbrella\u662f\u4e00\u4e2a\u4e91\u5b89\u5168\u5e73\u53f0\u3002\r\n\r\nCisco Umbrella API\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eCisco Umbrella\u7684API\u63a5\u53e3\u7684\u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u4e0d\u8db3\uff0c\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u67e5\u770b\u548c\u4fee\u6539\u5176\u7ec4\u7ec7\u548c\u5176\u4ed6\u7ec4\u7ec7\u4e2d\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Umbrella API\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Umbrella"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api",
  "serverity": "\u4f4e",
  "submitTime": "2018-09-06",
  "title": "Cisco Umbrella API\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2018-0435 (GCVE-0-2018-0435)

Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:43

Summary

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.

Severity ?

No CVSS data available.

CWE

CWE-287

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/105283	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Umbrella	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:09.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105283",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105283"
          },
          {
            "name": "20180905 Cisco Umbrella API Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0435",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:48:39.324459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:43:38.813Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Umbrella",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105283",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105283"
        },
        {
          "name": "20180905 Cisco Umbrella API Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180905-umbrella-api",
        "defect": [
          [
            "CSCvj37940",
            "CSCvj37954",
            "CSCvj37982",
            "CSCvj37993",
            "CSCvj38122"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco Umbrella API Unauthorized Access Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
          "ID": "CVE-2018-0435",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Umbrella API Unauthorized Access Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Umbrella",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.1",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105283",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105283"
            },
            {
              "name": "20180905 Cisco Umbrella API Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180905-umbrella-api",
          "defect": [
            [
              "CSCvj37940",
              "CSCvj37954",
              "CSCvj37982",
              "CSCvj37993",
              "CSCvj38122"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0435",
    "datePublished": "2018-10-05T14:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:43:38.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-17683

CVE-2018-0435 (GCVE-0-2018-0435)

Tags

Sightings

Nomenclature