var-201810-0568
Vulnerability from variot
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated ServicesRouter are all Cisco router products. IOS Software is the operating system that Cisco runs for its network devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0568",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.5\\(2.21\\)t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.6\\(3\\)m"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "809industrial integrated services router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "807industrial integrated services router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "829industrial integrated services router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
}
]
},
"cve": "CVE-2018-15376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-20771",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-125629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2018-15376",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-15376",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-20771",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1266",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-125629",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15376",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULHUB",
"id": "VHN-125629"
},
{
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated ServicesRouter are all Cisco router products. IOS Software is the operating system that Cisco runs for its network devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULHUB",
"id": "VHN-125629"
},
{
"db": "VULMON",
"id": "CVE-2018-15376"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15376",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20771",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2018.2903.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-125629",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15376",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULHUB",
"id": "VHN-125629"
},
{
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"id": "VAR-201810-0568",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULHUB",
"id": "VHN-125629"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
}
]
},
"last_update_date": "2024-11-23T21:38:16.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180926-ir800-memwrite",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite"
},
{
"title": "Cisco IOS Software for Cisco800 SeriesIndustrialIntegratedServicesRouters Patch for Any Memory Write Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142171"
},
{
"title": "Cisco 807 , 809 and 829 Industrial Integrated Services Router IOS Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85275"
},
{
"title": "Cisco: Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180926-ir800-memwrite"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-123",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwrite"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15376"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15376"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwri"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ptp"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2018.2903.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/123.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULHUB",
"id": "VHN-125629"
},
{
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"db": "VULHUB",
"id": "VHN-125629"
},
{
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-125629"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"date": "2018-10-05T14:29:06.777000",
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20771"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125629"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15376"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011565"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1266"
},
{
"date": "2024-11-21T03:50:39.360000",
"db": "NVD",
"id": "CVE-2018-15376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco 800 Series Industrial Integrated Services Routers of Cisco IOS Vulnerability related to the state where arbitrary values can be written to arbitrary locations in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011565"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1266"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.