CVE-2018-0238

Severity Score

9.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. The permitted operations can be configured for the end user on the virtual machines with either of the following settings: The virtual machine is associated to a Virtual Data Center (VDC) that has an end user self-service policy attached to the VDC. The end user role has VM Management Actions settings configured under User Permissions. This is a global configuration, so all the virtual machines visible in the end-user portal will have the VM management actions available. The vulnerability is due to improper user authentication checks. An attacker could exploit this vulnerability by logging in to the UCS Director with a modified username and valid password. A successful exploit could allow the attacker to gain visibility into and perform actions against all virtual machines in the UCS Director end-user portal of the affected system. This vulnerability affects Cisco Unified Computing System (UCS) Director releases 6.0 and 6.5 prior to patch 3 that are in a default configuration. Cisco Bug IDs: CSCvh53501.

Una vulnerabilidad en la funcionalidad de comprobación de recursos basada en roles de Cisco Unified Computing System (UCS) Director podría permitir que un atacante remoto autenticado vea información no autorizada para cualquier máquina virtual en el portal de usuario final de UCS Director y realice cualquier operación permitida en cualquier máquina virtual. Las operaciones permitidas pueden configurarse para el usuario final en las máquinas virtuales con una de las siguientes configuraciones: La máquina virtual está asociada a un VDC (Virtual Data Center) que tiene una política de autoservicio del usuario final adjunta al VDC. El rol de usuario final tiene las opciones de VM Management Action en User Permissions. Esta configuración es global, por lo que todas las máquinas virtuales visibles en el portal del usuario final tendrán acciones de gestión de VM disponibles. Esta vulnerabilidad se debe a comprobaciones de autenticación de usuario incorrectas. Un atacante podría explotar esta vulnerabilidad iniciando sesión en el UCS Director con un nombre de usuario modificado y una contraseña válida. Su explotación con éxito podría permitir que el atacante obtenga visibilidad y realice acciones en todas las máquinas virtuales del portal del usuario final de UCS Director del sistema afectado. Esta vulnerabilidad afecta a Cisco Unified Computing System (UCS) Director releases 6.0 y 6.5 anteriores al patch 3, si tienen la configuración por defecto. Cisco Bug IDs: CSCvh53501.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-04-19 CVE Published
2024-06-14 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/103919	Third Party Advisory
http://www.securitytracker.com/id/1040708	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director"				6.5\(0.0\) Search vendor "Cisco" for product "Unified Computing System Director" and version "6.5\(0.0\)"		-		Affected
Cisco Search vendor "Cisco"		Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director"				6.5\(0.1\) Search vendor "Cisco" for product "Unified Computing System Director" and version "6.5\(0.1\)"		-		Affected