VDB-124887 · CVE-2018-15375 · Qualys 316336

Cisco IOS sur Cisco 800 Embedded Test Subsystem buffer overflow

Une vulnérabilité classée critique a été trouvée dans Cisco IOS sur Cisco 800 (Router Operating System). Ceci affecte une fonction inconnue du composant Embedded Test Subsystem. Mettre à jour élimine cette vulnérabilité.

Chronologie

Utilisateur

153

Domaine

vulnerability_discoverydate1
vulnerability_cvss3_nvd_basescore1
exploit_0day_days1
vulnerability_cvss3_vuldb_rc1
vulnerability_cvss3_vuldb_rl1

Commit Conf

100%59
90%8

Approve Conf

100%59
90%8
IDEngagéUtilisateurDomaineChangementRemarquesAcceptéRaisonC
835070930/03/2020VulD...discoverydate153792000030/03/2020accepté
100
835077006/10/2018VulD...cvss3_nvd_basescore6.7nist.gov06/10/2018accepté
90
835076906/10/2018VulD...0day_days906/10/2018accepté
90
835076806/10/2018VulD...cvss3_vuldb_rcCsee CVSS documentation06/10/2018accepté
90
835076706/10/2018VulD...cvss3_vuldb_rlOsee CVSS documentation06/10/2018accepté
90
835076606/10/2018VulD...cvss3_vuldb_eXsee CVSS documentation06/10/2018accepté
90
835076506/10/2018VulD...cvss2_vuldb_rcCsee CVSS documentation06/10/2018accepté
90
835076406/10/2018VulD...cvss2_vuldb_rlOFsee CVSS documentation06/10/2018accepté
90
835076306/10/2018VulD...cvss2_vuldb_eNDsee CVSS documentation06/10/2018accepté
90
835076106/10/2018VulD...seealso12488806/10/2018accepté
100
835076006/10/2018VulD...qualys_titleCisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities(cisco-sa-20180926-ir800-memwrite)qualys.com06/10/2018accepté
100
835075906/10/2018VulD...qualys_id316336qualys.com06/10/2018accepté
100
835075806/10/2018VulD...oval_idoval:org.cisecurity:def:5783cisecurity.org06/10/2018accepté
100
835075706/10/2018VulD...cve_nvd_summaryA vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.cve.org06/10/2018accepté
100
835075606/10/2018VulD...cve_nvd_published1538697600cve.org06/10/2018accepté
100
835075506/10/2018VulD...cve_assigned1534456800 (17/08/2018)cve.org06/10/2018accepté
100
835075406/10/2018VulD...cveCVE-2018-15375cve.org06/10/2018accepté
100
835075306/10/2018VulD...nameUpgrade06/10/2018accepté
100
835075206/10/2018VulD...price_0day$5k-$25ksee exploit price documentation06/10/2018accepté
100

47 plus d'entrées ne sont pas affichées

Interested in the pricing of exploits?

See the underground prices here!