CVE-2018-0110

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741.

Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir que un atacante remoto autenticado acceda a la cuenta de soporte remota incluso después de haberla desactivado mediante la aplicación web. La vulnerabilidad se debe a un fallo de diseño en Cisco WebEx Meetings Server, el cual no deshabilitaría el acceso a cuentas de usuario configuradas específicamente, incluso después de que se haya deshabilitado el acceso en la aplicación web. Un atacante podría explotar esta vulnerabilidad conectándose a la cuenta de soporte remoto, incluso después de que se haya deshabilitado a nivel de aplicación web. Su explotación podría permitir que el atacante modifique la configuración del servidor y obtenga acceso a los datos del sistema. Cisco Bug IDs: CSCvg46741.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-01-18 CVE Published
2024-03-15 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-254: 7PK - Security Features
CWE-863: Incorrect Authorization

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/102773	Third Party Advisory
http://www.securitytracker.com/id/1040236	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server"				*		-		Affected