Lucene search

K
cveCiscoCVE-2018-0278
HistoryMay 02, 2018 - 10:29 p.m.

CVE-2018-0278

2018-05-0222:29:00
CWE-200
CWE-863
cisco
web.nvd.nist.gov
46
cve-2018-0278
cisco
firepower
system software
vulnerability
remote attacker
sensitive data
cross-origin domain protections
websocket protocol
exploit
session cookie
policy information
configuration information
nvd
cisco bug ids
cscvh68311

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

53.5%

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311.

Affected configurations

Nvd
Node
ciscofirepower_management_centerMatch6.1.0
OR
ciscofirepower_management_centerMatch6.2.0
OR
ciscofirepower_management_centerMatch6.2.1
OR
ciscofirepower_management_centerMatch6.2.2
OR
ciscofirepower_management_centerMatch6.2.3
VendorProductVersionCPE
ciscofirepower_management_center6.1.0cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*
ciscofirepower_management_center6.2.0cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*
ciscofirepower_management_center6.2.1cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*
ciscofirepower_management_center6.2.2cpe:2.3:a:cisco:firepower_management_center:6.2.2:*:*:*:*:*:*:*
ciscofirepower_management_center6.2.3cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Firepower System Software",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Firepower System Software"
      }
    ]
  }
]

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

53.5%

Related for CVE-2018-0278