CVE-2018-0262 - OpenCVE

Vendors	Products
Cisco	Meeting Server

Link	Resource
http://www.securityfocus.com/bid/104079	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040819	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx	Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "Cisco Meeting Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Meeting Server"}]}], "datePublic": "2018-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-16", "description": "CWE-16", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-05T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1040819", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040819"}, {"name": "104079", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104079"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0262", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Meeting Server", "version": {"version_data": [{"version_value": "Cisco Meeting Server"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-16"}]}]}, "references": {"reference_data": [{"name": "1040819", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040819"}, {"name": "104079", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104079"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0262", "datePublished": "2018-05-02T22:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-05-05T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_server:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8F666C0-4AD4-4F44-B705-3607EB961A69", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB0F4CF7-87D8-43D2-9C66-717A2939C374", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08EB74B6-570C-49D9-8C53-8944618E99C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D54E7F1E-A9DB-4192-AC10-B778D2A5D079", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A51C118-1785-4E1D-B4C5-F3DEA92AE952", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F0329-4C57-4E10-94BB-7F5CCA043085", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Meeting Server podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso no autorizado a los componentes o a informaci\u00f3n sensible de un sistema afectado, lo que conduce a la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad se debe a la configuraci\u00f3n por defecto incorrecta del dispositivo, que puede exponer interfaces internas y puertos en la interfaz externa del sistema. Un exploit con \u00e9xito podr\u00eda permitir que el atacante obtenga acceso no autenticado a archivos de configuraci\u00f3n y base de datos, as\u00ed como a informaci\u00f3n sensible de reuniones en un sistema afectado. Adem\u00e1s, si el servicio TURN (Traversal Using Relay NAT) est\u00e1 activado y emplea conexiones TLS (Transport Layer Security), un atacante podr\u00eda utilizar credenciales TURN para reenviar tr\u00e1fico a los demonios del dispositivo, lo que permite su explotaci\u00f3n remota. Esta vulnerabilidad afecta a las plataformas Cisco Meeting Server (CMS) Acano X-series que ejecutan una versi\u00f3n de CMS Software anterior a la 2.2.11. Cisco Bug IDs: CSCvg76469."}], "id": "CVE-2018-0262", "lastModified": "2019-10-09T23:31:35.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-02T22:29:00.857", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104079"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040819"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-16"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

JSON object

JSON object

JSON object