Lucene search

[email protected]CVE-2018-0329

HistoryJun 07, 2018 - 9:29 p.m.

CVE-2018-0329

2018-06-0721:29:00

CWE-798

[email protected]

web.nvd.nist.gov

cisco

waas

snmp

vulnerability

cve-2018-0329

nvd

security

exploit

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.0%

JSON

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration (‘running-config’) or the startup configuration (‘startup-config’). Cisco Bug IDs: CSCvi40137.

Affected configurations

NVD

Node

ciscowide_area_application_servicesMatch6.2\(3\)

ciscowide_area_application_servicesMatch6.4\(1\)

CPENameOperatorVersion
cisco:wide_area_application_servicescisco wide area application serviceseq6.2\(3\)
cisco:wide_area_application_servicescisco wide area application serviceseq6.4\(1\)

CPE	Name	Operator	Version
cisco:wide_area_application_services	cisco wide area application services	eq	6.2\(3\)
cisco:wide_area_application_services	cisco wide area application services	eq	6.4\(1\)

CNA Affected

[
  {
    "product": "Cisco Wide Area Application Services unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Wide Area Application Services unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104590

www.securitytracker.com/id/1041078

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.0%

JSON

Related for CVE-2018-0329

prion1 nvd1 cisco1 cvelist1