Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2018-0211
HistoryMar 08, 2018 - 7:29 a.m.

CVE-2018-0211

2018-03-0807:29:00
CWE-20
cisco
web.nvd.nist.gov
33
cve-2018-0211
cisco
identity services engine
vulnerability
cli commands
authenticated attacker
denial of service
dos
input validation
administrative privileges

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992.

Affected configurations

Nvd
Node
ciscoidentity_services_engineMatch2.1\(0.474\)
OR
ciscoidentity_services_engineMatch2.2\(1.145\)
OR
ciscoidentity_services_engineMatch2.4\(0.247\)
VendorProductVersionCPE
ciscoidentity_services_engine2.1(0.474)cpe:2.3:a:cisco:identity_services_engine:2.1\(0.474\):*:*:*:*:*:*:*
ciscoidentity_services_engine2.2(1.145)cpe:2.3:a:cisco:identity_services_engine:2.2\(1.145\):*:*:*:*:*:*:*
ciscoidentity_services_engine2.4(0.247)cpe:2.3:a:cisco:identity_services_engine:2.4\(0.247\):*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Identity Services Engine"
      }
    ]
  }
]

Related

cisco 1
prion 1
nvd 1
cvelist 1
cisco
cisco
Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability
2018-03-07 16:00:00
prion
prion
Input validation
2018-03-08 07:29:00
nvd
nvd
CVE-2018-0211
2018-03-08 07:29:00
cvelist
cvelist
CVE-2018-0211
2018-03-08 07:00:00

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2018-0211
cisco1prion1nvd1cvelist1