CVE-2018-0353 - OpenCVE

Vendors	Products
Cisco	Web Security Appliance

Link	Resource
http://www.securityfocus.com/bid/104417	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041081	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa	Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "Cisco Web Security Appliance unknown", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Web Security Appliance unknown"}]}], "datePublic": "2018-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-254", "description": "CWE-254", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-13T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "104417", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104417"}, {"name": "1041081", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041081"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0353", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Web Security Appliance unknown", "version": {"version_data": [{"version_value": "Cisco Web Security Appliance unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-254"}]}]}, "references": {"reference_data": [{"name": "104417", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104417"}, {"name": "1041081", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041081"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0353", "datePublished": "2018-06-07T12:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-06-13T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F7A98C9-8D22-405F-996E-825A2B482D19", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.1-296:*:*:*:*:*:*:*", "matchCriteriaId": "AC67BB76-C4E8-4AC2-B5F5-4FB36336273D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2957D7F-3EDD-474F-AE55-8EB2ADBDB4A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E9EA61C-3D1D-463A-802A-0073183CE39C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:11.5.0-fcs-442:*:*:*:*:*:*:*", "matchCriteriaId": "6FCBF076-11BC-4940-BC19-152A14DC0B7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875."}, {"lang": "es", "value": "Una vulnerabilidad en las funciones de monitorizaci\u00f3n de tr\u00e1fico en Cisco Web Security Appliance (WSA) podr\u00eda permitir que un atacante remoto no autenticado omita la funcionalidad L4TM (Layer 4 Traffic Monitor) y omita las protecciones de seguridad. La vulnerabilidad se debe a un cambio en el software del sistema operativo subyacente responsable de monitorizar el tr\u00e1fico afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes IP manipulados a un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante pase tr\u00e1fico a trav\u00e9s del dispositivo, que WSA deb\u00eda denegar por su configuraci\u00f3n. Esta vulnerabilidad afecta al tr\u00e1fico IPv4 y IPv6. La vulnerabilidad afecta a las versiones de Cisco AsyncOS para WSA, tanto en m\u00e1quinas virtuales como f\u00edsicas que ejecuten cualquier distribuci\u00f3n del software WSA en versiones 10.5.1, 10.5.2 o 11.0.0. WSA es vulnerable si est\u00e1 configurado para L4TM. Cisco Bug IDs: CSCvg78875."}], "id": "CVE-2018-0353", "lastModified": "2019-10-09T23:31:51.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-07T12:29:00.777", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104417"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041081"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-254"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

JSON object

JSON object

JSON object