CVE-2018-0263
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.
Una vulnerabilidad en Cisco Meeting Server (CMS) podría permitir que un atacante adyacente no autenticado acceda a servicios que se ejecutan en interfaces internas del dispositivo en un sistema afectado. La vulnerabilidad se debe a la configuración por defecto incorrecta del dispositivo, que puede exponer interfaces internas y puertos en la interfaz externa del sistema. Su explotación con éxito podría permitir que el atacante obtenga acceso no autenticado a archivos de configuración y base de datos, así como a información sensible de reuniones en un sistema afectado. Esta vulnerabilidad afecta a las plataformas Cisco Meeting Server (CMS) 2000 que ejecutan una versión de CMS Software anterior a la 2.2.13 o la 2.3.4. Cisco Bug IDs: CSCvg76471.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-06-07 CVE Published
- 2023-12-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
- CWE-1188: Initialization of a Resource with an Insecure Default
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104419 | Third Party Advisory | |
http://www.securitytracker.com/id/1041065 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id | 2020-09-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | < 2.2.13 Search vendor "Cisco" for product "Meeting Server" and version " < 2.2.13" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | < 2.3.4 Search vendor "Cisco" for product "Meeting Server" and version " < 2.3.4" | - |
Affected
|