cnvd - cnvd-2018-09383

cnvd-2018-09383

Vulnerability from cnvd

Title: Cisco Identity Services Engine配置错误漏洞

Description:

Cisco Identity Services Engine（ISE）是美国思科（Cisco）公司的一款基于身份的环境感知平台（ISE身份服务引擎）。该平台通过收集网络、用户和设备中的实时信息，制定并实施相应策略来监管网络。

Cisco ISE 2.2.0.470之前版本中的support tunnel功能存在配置错误漏洞，该漏洞源于程序未能正确的配置support tunnel功能。本地攻击者可通过诱使设备解锁support用户账户并访问通道密码和设备系列号利用该漏洞以root权限运行任意系统命令。

Severity: 高

Patch Name: Cisco Identity Services Engine配置错误漏洞的补丁

Patch Description:

Cisco ISE 2.2.0.470之前版本中的support tunnel功能存在配置错误漏洞，该漏洞源于程序未能正确的配置support tunnel功能。本地攻击者可通过诱使设备解锁support用户账户并访问通道密码和设备系列号利用该漏洞以root权限运行任意系统命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf54409

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise

Impacted products

Name
Cisco Identity Services Engine（ISE） <2.2.0.470

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0275",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0275"
    }
  },
  "description": "Cisco Identity Services Engine\uff08ISE\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u8eab\u4efd\u7684\u73af\u5883\u611f\u77e5\u5e73\u53f0\uff08ISE\u8eab\u4efd\u670d\u52a1\u5f15\u64ce\uff09\u3002\u8be5\u5e73\u53f0\u901a\u8fc7\u6536\u96c6\u7f51\u7edc\u3001\u7528\u6237\u548c\u8bbe\u5907\u4e2d\u7684\u5b9e\u65f6\u4fe1\u606f\uff0c\u5236\u5b9a\u5e76\u5b9e\u65bd\u76f8\u5e94\u7b56\u7565\u6765\u76d1\u7ba1\u7f51\u7edc\u3002\r\n\r\nCisco ISE 2.2.0.470\u4e4b\u524d\u7248\u672c\u4e2d\u7684support tunnel\u529f\u80fd\u5b58\u5728\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u914d\u7f6esupport tunnel\u529f\u80fd\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u8bbe\u5907\u89e3\u9501support\u7528\u6237\u8d26\u6237\u5e76\u8bbf\u95ee\u901a\u9053\u5bc6\u7801\u548c\u8bbe\u5907\u7cfb\u5217\u53f7\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u8fd0\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf54409",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09383",
  "openTime": "2018-05-14",
  "patchDescription": "Cisco Identity Services Engine\uff08ISE\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u8eab\u4efd\u7684\u73af\u5883\u611f\u77e5\u5e73\u53f0\uff08ISE\u8eab\u4efd\u670d\u52a1\u5f15\u64ce\uff09\u3002\u8be5\u5e73\u53f0\u901a\u8fc7\u6536\u96c6\u7f51\u7edc\u3001\u7528\u6237\u548c\u8bbe\u5907\u4e2d\u7684\u5b9e\u65f6\u4fe1\u606f\uff0c\u5236\u5b9a\u5e76\u5b9e\u65bd\u76f8\u5e94\u7b56\u7565\u6765\u76d1\u7ba1\u7f51\u7edc\u3002\r\n\r\nCisco ISE 2.2.0.470\u4e4b\u524d\u7248\u672c\u4e2d\u7684support tunnel\u529f\u80fd\u5b58\u5728\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u914d\u7f6esupport tunnel\u529f\u80fd\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u8bbe\u5907\u89e3\u9501support\u7528\u6237\u8d26\u6237\u5e76\u8bbf\u95ee\u901a\u9053\u5bc6\u7801\u548c\u8bbe\u5907\u7cfb\u5217\u53f7\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u8fd0\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Identity Services Engine\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Identity Services Engine\uff08ISE\uff09 \u003c2.2.0.470"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-11",
  "title": "Cisco Identity Services Engine\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2018-0275 (GCVE-0-2018-0275)

Vulnerability from cvelistv5

Published

2018-04-19 20:00

Modified

2024-11-29 15:14

Severity ?

CWE

CWE-16

Summary

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040717	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Identity Services Engine	Version: Cisco Identity Services Engine

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0275",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:42:51.587286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:14:15.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine"
            }
          ]
        }
      ],
      "datePublic": "2018-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device\u0027s shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-20T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1040717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device\u0027s shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040717"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0275",
    "datePublished": "2018-04-19T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:14:15.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted