CVE-2018-0152

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769.

Una vulnerabilidad en la interfaz de usuario web de Cisco IOS XE Software podría permitir que un atacante remoto autenticado consiga privilegios elevados en un dispositivo afectado. Esta vulnerabilidad existe debido a que el software afectado no restablece el nivel de privilegios para cada sesión de interfaz de usuario web. Un atacante con credenciales válidas para un dispositivo afectado podría explotar esta vulnerabilidad accediendo a una línea VTY al dispositivo de forma remota. Un exploit con éxito podría permitir que el atacante acceda a un dispositivo afectado con los privilegios del usuario que inició sesión anteriormente en la interfaz de usuario web. Esta vulnerabilidad afecta a los dispositivos de Cisco que ejecuten una distribución vulnerable de Cisco IOS XE Software, si la característica HTTP Server está habilitada para el dispositivo y el protocolo autenticación, autorización y contabilidad (AAA) no está configurado para sesiones EXEC. El estado por defecto de la característica HTTP Server depende de cada versión. Esta vulnerabilidad se introdujo en Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-03-28 CVE Published
2024-05-23 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls
CWE-613: Insufficient Session Expiration

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/103558	Third Party Advisory
http://www.securitytracker.com/id/1040597	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv	2019-12-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.1.1 Search vendor "Cisco" for product "Ios Xe" and version "16.1.1"		-		Affected