Merge branch 'Cisco_CVE-2018-15446' of https://github.com/CiscoPSIRT/cvelist

2025-06-08 05:58:08 +00:00 · 2018-11-08 12:40:26 -05:00 · 2018-11-08 12:40:26 -05:00 · 744f047bf3
commit 744f047bf3
parent 4d3d187cdc 8b1684ed51
1 changed files with 84 additions and 16 deletions
--- a/2018/15xxx/CVE-2018-15446.json
+++ b/2018/15xxx/CVE-2018-15446.json
@ -1,8 +1,33 @@
 {
    "CVE_data_meta": {
-      "ASSIGNER" : "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2018-11-07T16:00:00-0600",
        "ID": "CVE-2018-15446",
-      "STATE" : "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Meeting Server Information Disclosure Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Meeting Server ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +36,51 @@
        "description_data": [
            {
                "lang": "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. "
+            }
+        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "5.3",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200"
                    }
                ]
            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20181107 Cisco Meeting Server Information Disclosure Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-server"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20181107-meeting-server",
+        "defect": [
+            [
+                "CSCvk16348"
+            ]
+        ],
+        "discovery": "INTERNAL"
+    }
 }