VAR-201803-1590
Vulnerability from variot - Updated: 2024-11-23 22:00A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992. Vendors report this vulnerability Bug ID CSCvf63414 and CSCvh51992 Published as.Denial of service (DoS) May be in a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1590",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.2\\(1.145\\)"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1\\(0.474\\)"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.4\\(0.247\\)"
},
{
"model": "identity services engine",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "identity services engine series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "33002.4(0.247)"
},
{
"model": "identity services engine series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "33002.2(1.145)"
},
{
"model": "identity services engine series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "33002.1(0.474)"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "103334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:identity_services_engine",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "103334"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0211",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-118413",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2018-0211",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0211",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0211",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-256",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118413",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118413"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992. Vendors report this vulnerability Bug ID CSCvf63414 and CSCvh51992 Published as.Denial of service (DoS) May be in a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "BID",
"id": "103334"
},
{
"db": "VULHUB",
"id": "VHN-118413"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0211",
"trust": 2.8
},
{
"db": "BID",
"id": "103334",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1040471",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118413",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118413"
},
{
"db": "BID",
"id": "103334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"id": "VAR-201803-1590",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118413"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:39.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180307-ise",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise"
},
{
"title": "Cisco Identity Services Engine Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78990"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118413"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-ise"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103334"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040471"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0211"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0211"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118413"
},
{
"db": "BID",
"id": "103334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118413"
},
{
"db": "BID",
"id": "103334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118413"
},
{
"date": "2018-03-07T00:00:00",
"db": "BID",
"id": "103334"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"date": "2018-03-08T07:29:00.643000",
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118413"
},
{
"date": "2018-03-07T00:00:00",
"db": "BID",
"id": "103334"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002590"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-256"
},
{
"date": "2024-11-21T03:37:44.483000",
"db": "NVD",
"id": "CVE-2018-0211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "103334"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Identity Services Engine Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002590"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "103334"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-256"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…