var-201803-1611
Vulnerability from variot
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428. Cisco IOS XE There is an authentication vulnerability in the software. Vendors have confirmed this vulnerability Bug ID CSCuz56428 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. RESTAPI is one of the APIs that support lightweight RESTful web scripts. Attackers can exploit this issue to gain unauthorized access and gain elevated privileges. This may aid in further attacks. REST API is one of the real-time communication APIs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "16.2.2"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.1.2"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.1.1"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.3.0t"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.2.3"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.2.1"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.3.0"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.3.1"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.2.2"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "16.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "16.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "16.3(0)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "16.4.1"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "16.3.1"
},
{
"model": "ios everest-16.4.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "16.4(0.54)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "16.3(0.225)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "16.2(1.31)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "BID",
"id": "103557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0195"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "103557"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-0195",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08478",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-118397",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-0195",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0195",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-08478",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-1004",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118397",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "VULHUB",
"id": "VHN-118397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428. Cisco IOS XE There is an authentication vulnerability in the software. Vendors have confirmed this vulnerability Bug ID CSCuz56428 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. RESTAPI is one of the APIs that support lightweight RESTful web scripts. \nAttackers can exploit this issue to gain unauthorized access and gain elevated privileges. This may aid in further attacks. REST API is one of the real-time communication APIs",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "BID",
"id": "103557"
},
{
"db": "VULHUB",
"id": "VHN-118397"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0195",
"trust": 3.4
},
{
"db": "BID",
"id": "103557",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-08478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118397",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "VULHUB",
"id": "VHN-118397"
},
{
"db": "BID",
"id": "103557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"id": "VAR-201803-1611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "VULHUB",
"id": "VHN-118397"
}
],
"trust": 1.32263757
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
}
]
},
"last_update_date": "2023-12-18T12:29:04.827000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180328-rest",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-rest"
},
{
"title": "Patch for Cisco IOSXESoftwareRESTAPI Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/127459"
},
{
"title": "Cisco IOS XE Software REST API Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79472"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "NVD",
"id": "CVE-2018-0195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-rest"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103557"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0195"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0195"
},
{
"trust": 0.6,
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/cscuz56428"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "VULHUB",
"id": "VHN-118397"
},
{
"db": "BID",
"id": "103557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"db": "VULHUB",
"id": "VHN-118397"
},
{
"db": "BID",
"id": "103557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-118397"
},
{
"date": "2018-03-28T00:00:00",
"db": "BID",
"id": "103557"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"date": "2018-03-28T22:29:02.157000",
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"date": "2018-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08478"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118397"
},
{
"date": "2018-03-28T00:00:00",
"db": "BID",
"id": "103557"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003397"
},
{
"date": "2019-10-09T23:31:26.003000",
"db": "NVD",
"id": "CVE-2018-0195"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XE Software authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003397"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1004"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.