Cisco Network Services Orchestrator Network Plug/Play تجاوز الصلاحيات

مجال06/10/2018 07:5030/03/2020 10:39
vendorCiscoCisco
nameNetwork Services OrchestratorNetwork Services Orchestrator
componentNetwork Plug/PlayNetwork Plug/Play
risk22
historic00
cvss2_vuldb_basescore6.86.8
cvss2_vuldb_tempscore5.95.9
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore7.47.4
cvss3_meta_tempscore7.17.1
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.07.0
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1538690400 (05/10/2018)1538690400 (05/10/2018)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodishttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis
identifiercisco-sa-20180905-nso-infodiscisco-sa-20180905-nso-infodis
price_0day$5k-$25k$5k-$25k
nameترقيةترقية
cveCVE-2018-0463CVE-2018-0463
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_nvd_basescore7.57.5
cwe0264 (تجاوز الصلاحيات)
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cve_assigned1511733600 (26/11/2017)
cve_nvd_published1538697600
cve_nvd_summaryA vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.

Do you want to use VulDB in your project?

Use the official API to access entries easily!