CVE-2018-0392

Published Jul 18, 2018

Last updated 5 years ago

CVSS medium 5.5

Overview

Description: A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-732
ykramarz@cisco.com: CWE-275

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:mobility_services_engine_3365:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "58C04A11-DE52-4BD5-B0E8-629837F8F934"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:14.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F918A9C-3D92-4A2C-9375-8B0EB80BB150"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:mobility_services_engine_3355:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0CE73E74-7EF8-46C3-B467-798A3B7B186D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:14.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CF23C6F-9AA5-4A55-B19C-0826F0B0F372"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:mobility_services_engine_3310:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26E716CE-0D6F-477D-AC26-647626C8C62D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:14.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F48822A-FA65-49A0-ABFD-365CC3A3546D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References