CVE-2018-0278 - OpenCVE

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Firepower Management Center

Configuration 1 [-]

OR	cpe:2.3:a:cisco:firepower_management_center:6.1.0:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.2.0:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.2.1:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.2.2:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.2.3:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/104122	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-05-02T22:00:00

Updated: 2018-05-10T09:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0278

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-02T22:29:00.967

Modified: 2020-09-04T18:33:00.137

Link: CVE-2018-0278

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco Firepower System Software", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Firepower System Software"}]}], "datePublic": "2018-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-10T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos"}, {"name": "104122", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104122"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Firepower System Software", "version": {"version_data": [{"version_value": "Cisco Firepower System Software"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos"}, {"name": "104122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104122"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0278", "datePublished": "2018-05-02T22:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-05-10T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AC1B12A-A2EC-4C24-AEBC-944AE2939458", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9641FE9B-BC9F-472F-B53B-F4287EE2F17A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1895BC03-A0B4-4AE8-8EB5-DAFC913E4B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "99479490-9BB9-40BD-B4FB-A23D81E48631", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Firepower System Software podr\u00eda permitir que un atacante remoto no autenticado acceda a datos sensibles del sistema. La vulnerabilidad se debe a protecciones indebidas de Cross-Origin Domain para el protocolo WebSocket. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario para que visite un sitio web malicioso dise\u00f1ado para enviar peticiones a la aplicaci\u00f3n afectada mientras el usuario tenga la sesi\u00f3n iniciada en la aplicaci\u00f3n con una cookie de sesi\u00f3n activa. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante recupere informaci\u00f3n de pol\u00edticas o configuraci\u00f3n del software afectado y realice otro ataque contra la consola de gesti\u00f3n. Cisco Bug IDs: CSCvh68311."}], "id": "CVE-2018-0278", "lastModified": "2020-09-04T18:33:00.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-02T22:29:00.967", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104122"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}