admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-04xx/CVE-2018-0459.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

123 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-0459",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-10-05T14:29:03.920",
"lastModified": "2019-10-09T23:32:07.943",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Enterprise NFV Infrastructure Software (NFVIS) podr\u00eda permitir que un atacante remoto autenticado provoque que un sistema afectado se reinicio o se apague. La vulnerabilidad se debe a las comprobaciones insuficientes de autorizaci\u00f3n del lado del servidor. Un atacante que haya iniciado sesi\u00f3n en la interfaz de gesti\u00f3n web como un usuario con privilegios bajos podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP manipulada. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante utilice la cuenta de usuario de privilegios bajos para reiniciar o apagar el sistema afectado."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:network_functions_virtualization_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C078EED9-0EF7-4637-AB65-8373C0DD14DD"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/105290",
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink