Vulnerability-Lookup

CVE-2018-15386 (GCVE-0-2018-15386)

Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:34

Title

Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability

Summary

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

Severity ?

No CVSS data available.

CWE

CWE-16

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/105504	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Digital Network Architecture Center (DNA Center)	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:02.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105504",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105504"
          },
          {
            "name": "20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-15386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:54:49.763341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:34:27.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Digital Network Architecture Center (DNA Center)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105504",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105504"
        },
        {
          "name": "20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20181003-dna-unauth-access",
        "defect": [
          [
            "CSCvj05082",
            "CSCvj05086"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
          "ID": "CVE-2018-15386",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Digital Network Architecture Center (DNA Center)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105504",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105504"
            },
            {
              "name": "20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20181003-dna-unauth-access",
          "defect": [
            [
              "CSCvj05082",
              "CSCvj05086"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-15386",
    "datePublished": "2018-10-05T14:00:00.000Z",
    "dateReserved": "2018-08-17T00:00:00.000Z",
    "dateUpdated": "2024-11-26T14:34:27.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/105504\", \"name\": \"105504\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access\", \"name\": \"20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T09:54:02.760Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-15386\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-25T18:54:49.763341Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-25T18:55:17.294Z\"}}], \"cna\": {\"title\": \"Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability\", \"source\": {\"defect\": [[\"CSCvj05082\", \"CSCvj05086\"]], \"advisory\": \"cisco-sa-20181003-dna-unauth-access\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Digital Network Architecture Center (DNA Center)\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-10-03T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/105504\", \"name\": \"105504\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access\", \"name\": \"20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-16\", \"description\": \"CWE-16\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-10-07T09:57:02.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"9.8\"}}, \"source\": {\"defect\": [[\"CSCvj05082\", \"CSCvj05086\"]], \"advisory\": \"cisco-sa-20181003-dna-unauth-access\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Digital Network Architecture Center (DNA Center)\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/105504\", \"name\": \"105504\", \"refsource\": \"BID\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access\", \"name\": \"20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-16\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-15386\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2018-10-03T16:00:00-0500\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-15386\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:34:27.670Z\", \"dateReserved\": \"2018-08-17T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-10-05T14:00:00.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2018-15386

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-15386

Aliases

CVE-2018-15386

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-15386",
    "description": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.",
    "id": "GSD-2018-15386"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-15386"
      ],
      "details": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.",
      "id": "GSD-2018-15386",
      "modified": "2023-12-13T01:22:23.992763Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
        "ID": "CVE-2018-15386",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Digital Network Architecture Center (DNA Center) ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "9.8",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-16"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105504",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105504"
          },
          {
            "name": "20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20181003-dna-unauth-access",
        "defect": [
          [
            "CSCvj05082",
            "CSCvj05086"
          ]
        ],
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-15386"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181003 Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
            },
            {
              "name": "105504",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105504"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-13T12:50Z",
      "publishedDate": "2018-10-05T14:29Z"
    }
  }
}

FKIE_CVE-2018-15386

Vulnerability from fkie_nvd - Published: 2018-10-05 14:29 - Updated: 2024-11-21 03:50

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/105504	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105504	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	digital_network_architecture_center	1.1
cisco	digital_network_architecture_center	1.1.1
cisco	digital_network_architecture_center	1.1.2
cisco	digital_network_architecture_center	1.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "9D802D77-35A3-4102-94AB-27A865A73E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61E62E5-FEBD-4511-818D-EFE96BCDD37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0D07E-9DAC-4244-97BE-9FC0DE49E67B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F1B7A4-2A75-4EEE-8321-873E0A5B47CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Digital Network Architecture (DNA) Center podr\u00eda permitir que un atacante remoto no autenticado omita la autenticaci\u00f3n y tenga acceso directo no autorizado a funciones de gesti\u00f3n cr\u00edticas. La vulnerabilidad se debe a una configuraci\u00f3n insegura por defecto del sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad conect\u00e1ndose directamente a los servicios expuestos. Su explotaci\u00f3n podr\u00eda permitir que el atacante recupere y modifique archivos del sistema cr\u00edticos."
    }
  ],
  "id": "CVE-2018-15386",
  "lastModified": "2024-11-21T03:50:40.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-05T14:29:07.340",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105504"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9F8Q-CQ6P-JFGV

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-15386"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.",
  "id": "GHSA-9f8q-cq6p-jfgv",
  "modified": "2022-05-13T01:23:46Z",
  "published": "2022-05-13T01:23:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15386"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105504"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-21926

Vulnerability from cnvd - Published: 2018-10-28

Title

Cisco Digital Network Architecture Center认证绕过漏洞

Description

Cisco Digital Network Architecture Center（DNA Center）是美国思科（Cisco）公司的一套数字网络体系结构解决方案。该方案能够扩展并保护网络内的设备、应用程序等。 Cisco DNA Center 1.1版本中存在认证绕过漏洞，该漏洞源于受影响系统中带有不安全的默认配置。远程攻击者可利用该漏洞检索和修改重要的系统文件。

Severity

高

Patch Name

Cisco Digital Network Architecture Center认证绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access

Reference

http://www.securityfocus.com/bid/105504

Impacted products

Name
Cisco Digital Network Architecture Center

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105504"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-15386"
    }
  },
  "description": "Cisco Digital Network Architecture Center\uff08DNA Center\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u5b57\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u6269\u5c55\u5e76\u4fdd\u62a4\u7f51\u7edc\u5185\u7684\u8bbe\u5907\u3001\u5e94\u7528\u7a0b\u5e8f\u7b49\u3002\r\n\r\nCisco DNA Center 1.1\u7248\u672c\u4e2d\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e2d\u5e26\u6709\u4e0d\u5b89\u5168\u7684\u9ed8\u8ba4\u914d\u7f6e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u548c\u4fee\u6539\u91cd\u8981\u7684\u7cfb\u7edf\u6587\u4ef6\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21926",
  "openTime": "2018-10-28",
  "patchDescription": "Cisco Digital Network Architecture Center\uff08DNA Center\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u5b57\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u6269\u5c55\u5e76\u4fdd\u62a4\u7f51\u7edc\u5185\u7684\u8bbe\u5907\u3001\u5e94\u7528\u7a0b\u5e8f\u7b49\u3002\r\n\r\nCisco DNA Center 1.1\u7248\u672c\u4e2d\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e2d\u5e26\u6709\u4e0d\u5b89\u5168\u7684\u9ed8\u8ba4\u914d\u7f6e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u548c\u4fee\u6539\u91cd\u8981\u7684\u7cfb\u7edf\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Digital Network Architecture Center\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Digital Network Architecture Center"
  },
  "referenceLink": "http://www.securityfocus.com/bid/105504",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-10",
  "title": "Cisco Digital Network Architecture Center\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CERTFR-2018-AVI-468

Vulnerability from certfr_avis - Published: 2018-10-04 - Updated: 2018-10-04

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Webex Business Suite WBS31 sites – Webex Network Recording Player et Webex Player toutes versions antérieures à WBS31.23
Cisco Webex Business Suite WBS32 sites – Webex Network Recording Player et Webex Player toutes versions antérieures à WBS32.15.20
Cisco Webex Business Suite WBS33 sites – Webex Network Recording Player et Webex Player toutes versions antérieures à WBS33.4
Cisco Webex Meetings Online – Webex Network Recording Player et Webex Player toutes versions antérieures à 1.3.37
Cisco Webex Meetings Server – Webex Network Recording Player toutes versions antérieures à 3.0MR2 Patch 1
Cisco SD-WAN Solution toutes versions antérieures à 17.2.8 et 18.3.1 exécutées sur un des produits suivants :
- Logiciel vBond Orchestrator
- Routeurs vEdge 100 Series
- Routeurs vEdge 1000 Series
- Routeurs vEdge 2000 Series
- Routeurs vEdge 5000 Series
- Routeurs vEdge Cloud Platform
- vManage Network Management Software
- vSmart Controller Software
Logiciel Cisco PI versions 3.2 à 3.4 sans correctif de sécurité et avec le serveur TFTP actif
Cisco HyperFlex versions antérieures à 3.5(1a).
Cisco Firepower Threat Defense (FTD) versions 6.2.3.x antérieures à 6.2.3.4
Cisco Firepower System
Cisco DNA Center versions antérieures à 1.1.4
Cisco Prime Collaboration Provisioning versions antérieures à 12.1
ASA 5506-X avec le service FirePOWER exécutant une version vulnérable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)
ASA 5506H-X avec le service FirePOWER exécutant une version vulnérable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)
ASA 5506W-X avec le service FirePOWER exécutant une version vulnérable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)
ASA 5508-X avec le service FirePOWER exécutant une version vulnérable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)
ASA 5516-X avec le service FirePOWER exécutant une version vulnérable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20181003-pi-tftp du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-sd-wan-bypass du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-hyperflex-secret du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-webex-rce du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-dna-unauth-access du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-asa-dma-dos du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-ftd-inspect-dos du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-cpcp-password du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-fp-smb-snort du 3 octobre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20181003-dna-auth-bypass du 3 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCisco Webex Business Suite WBS31 sites \u2013 Webex Network Recording Player et Webex Player toutes versions ant\u00e9rieures \u00e0 WBS31.23\u003c/li\u003e \u003cli\u003eCisco Webex Business Suite WBS32 sites \u2013 Webex Network Recording Player et Webex Player toutes versions ant\u00e9rieures \u00e0 WBS32.15.20\u003c/li\u003e \u003cli\u003eCisco Webex Business Suite WBS33 sites \u2013 Webex Network Recording Player et Webex Player toutes versions ant\u00e9rieures \u00e0 WBS33.4\u003c/li\u003e \u003cli\u003eCisco Webex Meetings Online \u2013 Webex Network Recording Player et Webex Player toutes versions ant\u00e9rieures \u00e0 1.3.37\u003c/li\u003e \u003cli\u003eCisco Webex Meetings Server \u2013 Webex Network Recording Player toutes versions ant\u00e9rieures \u00e0 3.0MR2 Patch 1\u003c/li\u003e \u003cli\u003eCisco SD-WAN Solution toutes versions ant\u00e9rieures \u00e0 17.2.8 et 18.3.1 ex\u00e9cut\u00e9es sur un des produits suivants : \u003cul\u003e \u003cli\u003eLogiciel vBond Orchestrator\u003c/li\u003e \u003cli\u003eRouteurs vEdge 100 Series\u003c/li\u003e \u003cli\u003eRouteurs vEdge 1000 Series\u003c/li\u003e \u003cli\u003eRouteurs vEdge 2000 Series\u003c/li\u003e \u003cli\u003eRouteurs vEdge 5000 Series\u003c/li\u003e \u003cli\u003eRouteurs vEdge Cloud Platform\u003c/li\u003e \u003cli\u003evManage Network Management Software\u003c/li\u003e \u003cli\u003evSmart Controller Software\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eLogiciel Cisco PI versions 3.2 \u00e0 3.4 sans correctif de s\u00e9curit\u00e9 et avec le serveur TFTP actif\u003c/li\u003e \u003cli\u003eCisco HyperFlex versions ant\u00e9rieures \u00e0 3.5(1a).\u003c/li\u003e \u003cli\u003eCisco Firepower Threat Defense (FTD) versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.4\u003c/li\u003e \u003cli\u003eCisco Firepower System\u003c/li\u003e \u003cli\u003eCisco DNA Center versions ant\u00e9rieures \u00e0 1.1.4\u003c/li\u003e \u003cli\u003eCisco Prime Collaboration Provisioning versions ant\u00e9rieures \u00e0 12.1\u003c/li\u003e \u003cli\u003eASA 5506-X avec le service FirePOWER\u00a0 ex\u00e9cutant une version vuln\u00e9rable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)\u003c/li\u003e \u003cli\u003eASA 5506H-X avec le service FirePOWER ex\u00e9cutant une version vuln\u00e9rable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)\u003c/li\u003e \u003cli\u003eASA 5506W-X avec le service FirePOWER ex\u00e9cutant une version vuln\u00e9rable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)\u003c/li\u003e \u003cli\u003eASA 5508-X avec le service FirePOWER ex\u00e9cutant une version vuln\u00e9rable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)\u003c/li\u003e \u003cli\u003eASA 5516-X avec le service FirePOWER ex\u00e9cutant une version vuln\u00e9rable du logiciel Cisco Adaptive Security Appliance (ASA) ou Cisco Firepower Threat Defense (FTD)\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-15390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15390"
    },
    {
      "name": "CVE-2018-15383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15383"
    },
    {
      "name": "CVE-2018-15379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15379"
    },
    {
      "name": "CVE-2018-15386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15386"
    },
    {
      "name": "CVE-2018-15410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15410"
    },
    {
      "name": "CVE-2018-15382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15382"
    },
    {
      "name": "CVE-2018-15389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15389"
    },
    {
      "name": "CVE-2018-0448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0448"
    },
    {
      "name": "CVE-2018-0455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0455"
    },
    {
      "name": "CVE-2018-15409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15409"
    },
    {
      "name": "CVE-2018-15408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15408"
    },
    {
      "name": "CVE-2018-15387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15387"
    }
  ],
  "initial_release_date": "2018-10-04T00:00:00",
  "last_revision_date": "2018-10-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-468",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-pi-tftp du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-sd-wan-bypass du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-hyperflex-secret du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-secret"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-webex-rce du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-dna-unauth-access du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-asa-dma-dos du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-ftd-inspect-dos du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-cpcp-password du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-fp-smb-snort du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181003-dna-auth-bypass du 3 octobre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-15386 (GCVE-0-2018-15386)

GSD-2018-15386

FKIE_CVE-2018-15386

GHSA-9F8Q-CQ6P-JFGV

CNVD-2018-21926

CERTFR-2018-AVI-468

Solution

Tags

Sightings

Nomenclature