Vulnerability-Lookup

CVE-2018-0436 (GCVE-0-2018-0436)

Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:43

Title

Cisco Webex Teams Information Disclosure and Modification Vulnerability

Summary

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.

Severity ?

No CVSS data available.

CWE

CWE-284

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/105301	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Webex Teams	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:09.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105301",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105301"
          },
          {
            "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:51:40.323801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:43:27.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105301",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105301"
        },
        {
          "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180905-webex-id-mod",
        "defect": [
          [
            "CSCvi68464"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco Webex Teams Information Disclosure and Modification Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
          "ID": "CVE-2018-0436",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams Information Disclosure and Modification Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.7",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105301",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105301"
            },
            {
              "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180905-webex-id-mod",
          "defect": [
            [
              "CSCvi68464"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0436",
    "datePublished": "2018-10-05T14:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-11-26T14:43:27.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/105301\", \"name\": \"105301\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod\", \"name\": \"20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:28:09.813Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-0436\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-25T18:51:40.323801Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-25T18:53:25.377Z\"}}], \"cna\": {\"title\": \"Cisco Webex Teams Information Disclosure and Modification Vulnerability\", \"source\": {\"defect\": [[\"CSCvi68464\"]], \"advisory\": \"cisco-sa-20180905-webex-id-mod\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Webex Teams\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-09-05T00:00:00\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/105301\", \"name\": \"105301\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod\", \"name\": \"20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-10-07T09:57:02\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.7\"}}, \"source\": {\"defect\": [[\"CSCvi68464\"]], \"advisory\": \"cisco-sa-20180905-webex-id-mod\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Webex Teams\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/105301\", \"name\": \"105301\", \"refsource\": \"BID\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod\", \"name\": \"20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-284\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-0436\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Webex Teams Information Disclosure and Modification Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2018-09-05T16:00:00-0500\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-0436\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:43:27.625Z\", \"dateReserved\": \"2017-11-27T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-10-05T14:00:00Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2018-17680

Vulnerability from cnvd - Published: 2018-09-06

Title

Cisco Webex Teams信息泄露和修改漏洞

Description

Cisco Webex Teams是美国思科（Cisco）公司的一款团队协作应用程序。该程序包括视频会议、消息群发和文件共享等功能。 Cisco Webex Teams存在信息泄露和修改漏洞，该漏洞源于受影响的软件对用户帐户和组织帐户之间的关联执行未进行充分检查。具有一个组织帐户的管理员或合规官权限的攻击者可以通过使用这些权限查看和修改另一个组织帐户的数据。

Severity

高

Patch Name

Cisco Webex Teams信息泄露和修改漏洞的补丁

Patch Description

Formal description

思科发布了解决此漏洞的软件更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod

Impacted products

Name
Cisco Webex Teams <20180417-150803

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0436"
    }
  },
  "description": "Cisco Webex Teams\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u56e2\u961f\u534f\u4f5c\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u5305\u62ec\u89c6\u9891\u4f1a\u8bae\u3001\u6d88\u606f\u7fa4\u53d1\u548c\u6587\u4ef6\u5171\u4eab\u7b49\u529f\u80fd\u3002 \r\n\r\nCisco Webex Teams\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u548c\u4fee\u6539\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8f6f\u4ef6\u5bf9\u7528\u6237\u5e10\u6237\u548c\u7ec4\u7ec7\u5e10\u6237\u4e4b\u95f4\u7684\u5173\u8054\u6267\u884c\u672a\u8fdb\u884c\u5145\u5206\u68c0\u67e5\u3002\u5177\u6709\u4e00\u4e2a\u7ec4\u7ec7\u5e10\u6237\u7684\u7ba1\u7406\u5458\u6216\u5408\u89c4\u5b98\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u8fd9\u4e9b\u6743\u9650\u67e5\u770b\u548c\u4fee\u6539\u53e6\u4e00\u4e2a\u7ec4\u7ec7\u5e10\u6237\u7684\u6570\u636e\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u601d\u79d1\u53d1\u5e03\u4e86\u89e3\u51b3\u6b64\u6f0f\u6d1e\u7684\u8f6f\u4ef6\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17680",
  "openTime": "2018-09-06",
  "patchDescription": "Cisco Webex Teams\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u56e2\u961f\u534f\u4f5c\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u5305\u62ec\u89c6\u9891\u4f1a\u8bae\u3001\u6d88\u606f\u7fa4\u53d1\u548c\u6587\u4ef6\u5171\u4eab\u7b49\u529f\u80fd\u3002 \r\n\r\nCisco Webex Teams\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u548c\u4fee\u6539\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8f6f\u4ef6\u5bf9\u7528\u6237\u5e10\u6237\u548c\u7ec4\u7ec7\u5e10\u6237\u4e4b\u95f4\u7684\u5173\u8054\u6267\u884c\u672a\u8fdb\u884c\u5145\u5206\u68c0\u67e5\u3002\u5177\u6709\u4e00\u4e2a\u7ec4\u7ec7\u5e10\u6237\u7684\u7ba1\u7406\u5458\u6216\u5408\u89c4\u5b98\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u8fd9\u4e9b\u6743\u9650\u67e5\u770b\u548c\u4fee\u6539\u53e6\u4e00\u4e2a\u7ec4\u7ec7\u5e10\u6237\u7684\u6570\u636e\u3002\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Webex Teams\u4fe1\u606f\u6cc4\u9732\u548c\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Webex Teams \u003c20180417-150803"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-06",
  "title": "Cisco Webex Teams\u4fe1\u606f\u6cc4\u9732\u548c\u4fee\u6539\u6f0f\u6d1e"
}

CERTFR-2018-AVI-423

Vulnerability from certfr_avis - Published: 2018-09-06 - Updated: 2018-09-06

De multiples vulnérabilités ont été découvertes dans les produits Cisco . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Webex Meetings Suite (WBS33) versions antérieures à WBS33.4
Cisco	N/A	Cisco Umbrella Roaming Module versions antérieures à 4.6.1098
Cisco	N/A	Cisco Webex Teams versions antérieures à 20180417-150803
Cisco	N/A	Cisco Prime Access Registrar Software versions antérieures à 7.3.0.4
Cisco	N/A	vSmart Controller Software avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Webex Meetings versions antérieures à 1.3.37 (disponible à partir du 14 septembre 2018)
Cisco	N/A	Cisco Prime Access Registrar Software versions 8.0.x antérieures à 8.0.1.1
Cisco	N/A	vEdge 2000 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	vBond Orchestrator Software avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Integrated Management Controller (IMC) versions 3.1.x antérieures à 3.1(3a)
Cisco	N/A	vManage Network Management System avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Umbrella Enterprise Roaming Client (ERC) versions antérieures à 2.1.127
Cisco	N/A	vEdge Cloud Router Platform avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Integrated Management Controller (IMC) versions 2.x et 3.0.x antérieures à 3.0(4d)
Cisco	N/A	Cisco Data Center Network Manager versions antérieures à 11.0(1)
Cisco	N/A	vEdge 1000 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Webex Meetings Server versions antérieures à 3.0MR2
Cisco	N/A	Cisco RV130W Wireless-N Multifunction VPN Router versions antérieures à 1.0.3.44
Cisco	N/A	vEdge 5000 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Umbrella API
Cisco	N/A	Cisco Webex Meetings Suite versions antérieures à WBS32.15.20
Cisco	N/A	vEdge 100 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20180905-sd-wan-escalation du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-sd-wan-validation du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-injection du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-umbrella-file-read du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-cdcnm-escalation du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-cpar-dos du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-traversal du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-disclosure du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-cimc-injection du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-sd-wan-injection du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-umbrella-priv du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-webex-id-mod du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-umbrella-api du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-webex-pe du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-overflow du 05 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Webex Meetings Suite (WBS33) versions ant\u00e9rieures \u00e0 WBS33.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Umbrella Roaming Module versions ant\u00e9rieures \u00e0 4.6.1098",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Teams versions ant\u00e9rieures \u00e0 20180417-150803",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Access Registrar Software versions ant\u00e9rieures \u00e0 7.3.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vSmart Controller Software avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings versions ant\u00e9rieures \u00e0 1.3.37 (disponible \u00e0 partir du 14 septembre 2018)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Access Registrar Software versions 8.0.x ant\u00e9rieures \u00e0 8.0.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 2000 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vBond Orchestrator Software avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Management Controller (IMC) versions 3.1.x ant\u00e9rieures \u00e0 3.1(3a)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vManage Network Management System avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Umbrella Enterprise Roaming Client (ERC) versions ant\u00e9rieures \u00e0 2.1.127",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge Cloud Router Platform avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Management Controller (IMC) versions 2.x et 3.0.x ant\u00e9rieures \u00e0 3.0(4d)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Data Center Network Manager versions ant\u00e9rieures \u00e0 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 1000 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Server versions ant\u00e9rieures \u00e0 3.0MR2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV130W Wireless-N Multifunction VPN Router versions ant\u00e9rieures \u00e0 1.0.3.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 5000 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Umbrella API",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Suite versions ant\u00e9rieures \u00e0 WBS32.15.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 100 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0434"
    },
    {
      "name": "CVE-2018-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0438"
    },
    {
      "name": "CVE-2018-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0433"
    },
    {
      "name": "CVE-2018-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0436"
    },
    {
      "name": "CVE-2018-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0426"
    },
    {
      "name": "CVE-2018-0425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0425"
    },
    {
      "name": "CVE-2018-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0437"
    },
    {
      "name": "CVE-2018-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0423"
    },
    {
      "name": "CVE-2018-0424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0424"
    },
    {
      "name": "CVE-2018-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0421"
    },
    {
      "name": "CVE-2018-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0435"
    },
    {
      "name": "CVE-2018-0430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0430"
    },
    {
      "name": "CVE-2018-0422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0422"
    },
    {
      "name": "CVE-2018-0431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0431"
    },
    {
      "name": "CVE-2018-0432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0432"
    },
    {
      "name": "CVE-2018-0440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0440"
    }
  ],
  "initial_release_date": "2018-09-06T00:00:00",
  "last_revision_date": "2018-09-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-423",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-sd-wan-escalation du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-sd-wan-validation du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-injection du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-umbrella-file-read du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-cdcnm-escalation du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-cpar-dos du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-traversal du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-disclosure du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-cimc-injection du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cimc-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-sd-wan-injection du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-umbrella-priv du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-webex-id-mod du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-umbrella-api du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-webex-pe du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-overflow du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow"
    }
  ]
}

GSD-2018-0436

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0436

Aliases

CVE-2018-0436

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0436",
    "description": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.",
    "id": "GSD-2018-0436"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0436"
      ],
      "details": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.",
      "id": "GSD-2018-0436",
      "modified": "2023-12-13T01:22:24.751572Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
        "ID": "CVE-2018-0436",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Webex Teams Information Disclosure and Modification Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Webex Teams ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "8.7",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105301",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105301"
          },
          {
            "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20180905-webex-id-mod",
        "defect": [
          [
            "CSCvi68464"
          ]
        ],
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20180417-150803",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0436"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
            },
            {
              "name": "105301",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105301"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        }
      },
      "lastModifiedDate": "2019-10-09T23:32Z",
      "publishedDate": "2018-10-05T14:29Z"
    }
  }
}

GHSA-JR8M-X5PC-VRVR

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35

Details

Severity ?

8.7 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.",
  "id": "GHSA-jr8m-x5pc-vrvr",
  "modified": "2022-05-13T01:35:10Z",
  "published": "2022-05-13T01:35:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0436"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105301"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-0436

Vulnerability from fkie_nvd - Published: 2018-10-05 14:29 - Updated: 2024-11-21 03:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/105301	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105301	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	webex_teams	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB91393-4A68-46A1-AE05-AAEDC9B20014",
              "versionEndExcluding": "10.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Webex Teams, anteriormente Cisco Spark, podr\u00eda permitir a un atacante remoto autenticado visualizar y modificar los datos de una organizaci\u00f3n que no sea la suya propia. La vulnerabilidad existe porque el software afectado realiza comprobaciones insuficientes de las asociaciones entre las cuentas de usuario y las cuentas de la organizaci\u00f3n. Un atacante que tenga privilegios administrator o compliance officer para una cuenta de la organizaci\u00f3n podr\u00eda explotar esta vulnerabilidad utilizando esos privilegios para visualizar y modificar datos para otra cuenta de la organizaci\u00f3n. Esta vulnerabilidad no afect\u00f3 a los datos de los clientes."
    }
  ],
  "id": "CVE-2018-0436",
  "lastModified": "2024-11-21T03:38:13.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-05T14:29:01.933",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105301"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0436 (GCVE-0-2018-0436)

CNVD-2018-17680

CERTFR-2018-AVI-423

Solution

GSD-2018-0436

GHSA-JR8M-X5PC-VRVR

FKIE_CVE-2018-0436

Tags

Sightings

Nomenclature