CVE-2018-0371

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition on the affected product. This vulnerability affects the following releases of Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000, Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624.

Una vulnerabilidad en la interfaz de administrador web en Cisco Meeting Server podría permitir que un atacante remoto autenticado provoque una condición de denegación de servicio (DoS). La vulnerabilidad se debe a una validación insuficiente de las peticiones HTTP entrantes. Un atacante podría explotar esta vulnerabilidad enviando una petición HTTP manipulada a la interfaz de administrador web de un Cisco Meeting Server afectado. Su explotación con éxito podría permitir que el atacante reinicie el sistema, finalice todas las llamadas que se estén realizando y provocando una denegación de servicio (DoS) en el producto afectado. Esta vulnerabilidad afecta a los siguientes lanzamientos de Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000 y Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-06-21 CVE Published
2023-11-12 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/104582	Third Party Advisory
http://www.securitytracker.com/id/1041175	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-meeting-server-dos	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Meeting Server Search vendor "Cisco" for product "Meeting Server"				2.2.5 Search vendor "Cisco" for product "Meeting Server" and version "2.2.5"		-		Affected