Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-0449
HistoryJan 10, 2019 - 4:29 p.m.

CVE-2018-0449

2019-01-1016:29:00
CWE-275
CWE-732
[email protected]
web.nvd.nist.gov
27
cisco
jabber
mac client
vulnerability
local attacker
arbitrary files
directory permissions
nvd
cve-2018-0449

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

4.5 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten.

Affected configurations

NVD
Node
ciscojabberMatch12.1\(0\)mac_os_x
CPENameOperatorVersion
cisco:jabbercisco jabbereq12.1\(0\)

CNA Affected

[
  {
    "product": "Cisco Jabber for Mac ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

cisco 1
prion 1
cvelist 1
nvd 1
cisco
cisco
Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability
2019-01-09 16:00:00
prion
prion
Hardcoded credentials
2019-01-10 16:29:00
cvelist
cvelist
CVE-2018-0449 Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability
2019-01-09 00:00:00
nvd
nvd
CVE-2018-0449
2019-01-10 16:29:00

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

4.5 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for CVE-2018-0449
cisco1prion1cvelist1nvd1