cnvd - cnvd-2018-22758

cnvd-2018-22758

Vulnerability from cnvd

Title: Cisco Stealthwatch Management Console份验证绕过漏洞

Description:

Cisco Stealthwatch Management Console是cisco公司推出的数据采集分析设备。

Cisco Stealthwatch Management Console存在份验证绕过漏洞，该漏洞是由于系统配置不安全造成的。攻击者可以通过向目标应用程序发送精心设计的HTTP请求来利用此漏洞。利用漏洞可能允许攻击者获得未经身份验证的访问，从而导致SMC中的权限提升。

Severity: 高

Patch Name: Cisco Stealthwatch Management Console份验证绕过漏洞的补丁

Patch Description:

Cisco Stealthwatch Management Console是cisco公司推出的数据采集分析设备。

Cisco Stealthwatch Management Console存在份验证绕过漏洞，该漏洞是由于系统配置不安全造成的。攻击者可以通过向目标应用程序发送精心设计的HTTP请求来利用此漏洞。利用漏洞可能允许攻击者获得未经身份验证的访问，从而导致SMC中的权限提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

思科发布了解决此漏洞的软件更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Impacted products

Name
Cisco Stealthwatch Enterprise <=6.10.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-15394"
    }
  },
  "description": "Cisco Stealthwatch Management Console\u662fcisco\u516c\u53f8\u63a8\u51fa\u7684\u6570\u636e\u91c7\u96c6\u5206\u6790\u8bbe\u5907\u3002\n\nCisco Stealthwatch Management Console\u5b58\u5728\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7cfb\u7edf\u914d\u7f6e\u4e0d\u5b89\u5168\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u76ee\u6807\u5e94\u7528\u7a0b\u5e8f\u53d1\u9001\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTTP\u8bf7\u6c42\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u3002\u5229\u7528\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u5f97\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8bbf\u95ee\uff0c\u4ece\u800c\u5bfc\u81f4SMC\u4e2d\u7684\u6743\u9650\u63d0\u5347\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u601d\u79d1\u53d1\u5e03\u4e86\u89e3\u51b3\u6b64\u6f0f\u6d1e\u7684\u8f6f\u4ef6\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22758",
  "openTime": "2018-11-08",
  "patchDescription": "Cisco Stealthwatch Management Console\u662fcisco\u516c\u53f8\u63a8\u51fa\u7684\u6570\u636e\u91c7\u96c6\u5206\u6790\u8bbe\u5907\u3002\r\n\r\nCisco Stealthwatch Management Console\u5b58\u5728\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7cfb\u7edf\u914d\u7f6e\u4e0d\u5b89\u5168\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u76ee\u6807\u5e94\u7528\u7a0b\u5e8f\u53d1\u9001\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTTP\u8bf7\u6c42\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u3002\u5229\u7528\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u5f97\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8bbf\u95ee\uff0c\u4ece\u800c\u5bfc\u81f4SMC\u4e2d\u7684\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Stealthwatch Management Console\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Stealthwatch Enterprise \u003c=6.10.2"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-08",
  "title": "Cisco Stealthwatch Management Console\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-15394 (GCVE-0-2018-15394)

Vulnerability from cvelistv5

Published

2018-11-08 17:00

Modified

2024-11-26 14:22

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-284

Summary

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/105853	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Stealthwatch Enterprise	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:03.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181107 Cisco Stealthwatch Management Console Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass"
          },
          {
            "name": "105853",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105853"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-15394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:54:43.432092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:22:36.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Stealthwatch Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-09T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20181107 Cisco Stealthwatch Management Console Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass"
        },
        {
          "name": "105853",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105853"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20181107-smc-auth-bypass",
        "defect": [
          [
            "CSCvk52848"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Stealthwatch Management Console Authentication Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-11-07T16:00:00-0600",
          "ID": "CVE-2018-15394",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Stealthwatch Management Console Authentication Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Stealthwatch Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181107 Cisco Stealthwatch Management Console Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass"
            },
            {
              "name": "105853",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105853"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20181107-smc-auth-bypass",
          "defect": [
            [
              "CSCvk52848"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-15394",
    "datePublished": "2018-11-08T17:00:00Z",
    "dateReserved": "2018-08-17T00:00:00",
    "dateUpdated": "2024-11-26T14:22:36.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted