VDB-124886 · CVE-2018-15374 · BID 105415

Cisco IOS XE Digital Signature Verification authentification faible

Une vulnérabilité a été trouvé dans Cisco IOS XE (Router Operating System) et classée critique. Affecté par ce problème est une fonction inconnue du composant Digital Signature Verification. Mettre à jour élimine cette vulnérabilité.

Domaine06/10/2018 11:0430/03/2020 14:49
typeRouter Operating SystemRouter Operating System
vendorCiscoCisco
nameIOS XEIOS XE
componentDigital Signature VerificationDigital Signature Verification
cwe347 (authentification faible)347 (authentification faible)
risk22
historic00
cvss2_vuldb_basescore4.14.1
cvss2_vuldb_tempscore3.63.6
cvss2_vuldb_avLL
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avLL
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciCC
cvss2_nvd_iiCC
cvss2_nvd_aiCC
cvss3_meta_basescore6.06.0
cvss3_meta_tempscore5.75.7
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.15.1
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prHH
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
date1538690400 (05/10/2018)1538690400 (05/10/2018)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsighttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsig
identifiercisco-sa-20180926-digsigcisco-sa-20180926-digsig
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
cveCVE-2018-15374CVE-2018-15374
cve_assigned1534456800 (17/08/2018)1534456800 (17/08/2018)
cve_nvd_published15386976001538697600
cve_nvd_summaryA vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.
oval_idoval:org.cisecurity:def:5799oval:org.cisecurity:def:5799
securityfocus105415105415
securityfocus_titleCisco IOS XE Software CVE-2018-15374 Local Security Bypass VulnerabilityCisco IOS XE Software CVE-2018-15374 Local Security Bypass Vulnerability
qualys_id316332316332
qualys_titleCisco IOS XE Software Digital Signature Verification Bypass Vulnerability(cisco-sa-20180926-digsig)Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability(cisco-sa-20180926-digsig)
seealso124884 124883124884 124883
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
0day_days99
cvss3_nvd_basescore6.76.7
discoverydate1537920000
company_nameCisco
securityfocus_date1537920000 (26/09/2018)
securityfocus_classDesign Error

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!