CVE-2018-0435 - OpenCVE

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Umbrella

Configuration 1 [-]

cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105283	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-09-05T00:00:00

Updated: 2018-10-07T09:57:02

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0435

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-05T14:29:01.840

Modified: 2019-10-09T23:32:04.647

Link: CVE-2018-0435

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Cisco Umbrella ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "105283", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105283"}, {"name": "20180905 Cisco Umbrella API Unauthorized Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"}], "source": {"advisory": "cisco-sa-20180905-umbrella-api", "defect": [["CSCvj37940", "CSCvj37954", "CSCvj37982", "CSCvj37993", "CSCvj38122"]], "discovery": "UNKNOWN"}, "title": "Cisco Umbrella API Unauthorized Access Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-05T16:00:00-0500", "ID": "CVE-2018-0435", "STATE": "PUBLIC", "TITLE": "Cisco Umbrella API Unauthorized Access Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Umbrella ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."}]}, "impact": {"cvss": {"baseScore": "9.1", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287"}]}]}, "references": {"reference_data": [{"name": "105283", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105283"}, {"name": "20180905 Cisco Umbrella API Unauthorized Access Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"}]}, "source": {"advisory": "cisco-sa-20180905-umbrella-api", "defect": [["CSCvj37940", "CSCvj37954", "CSCvj37982", "CSCvj37993", "CSCvj38122"]], "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0435", "datePublished": "2018-09-05T00:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-10-07T09:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*", "matchCriteriaId": "6383EE3F-ED8A-4E50-89DD-E0C496E9D466", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."}, {"lang": "es", "value": "Una vulnerabilidad en la API de Cisco Umbrella podr\u00eda permitir a un atacante remoto autenticado visualizar y modificar datos en toda su organizaci\u00f3n y en otras organizaciones. La vulnerabilidad se debe a configuraciones de autenticaci\u00f3n insuficientes para la interfaz API de Cisco Umbrella. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ver y potencialmente modificar los datos de su organizaci\u00f3n u otras organizaciones. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer o modificar datos en varias organizaciones.Una vulnerabilidad en Cisco Webex Teams, anteriormente Cisco Spark, podr\u00eda permitir a un atacante remoto autenticado visualizar y modificar los datos de una organizaci\u00f3n que no sea la suya propia. La vulnerabilidad existe porque el software afectado realiza comprobaciones insuficientes de las asociaciones entre las cuentas de usuario y las cuentas de la organizaci\u00f3n. Un atacante que tenga privilegios administrator o compliance officer para una cuenta de la organizaci\u00f3n podr\u00eda explotar esta vulnerabilidad utilizando esos privilegios para visualizar y modificar datos para otra cuenta de la organizaci\u00f3n. Esta vulnerabilidad no afect\u00f3 a los datos de los clientes."}], "id": "CVE-2018-0435", "lastModified": "2019-10-09T23:32:04.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T14:29:01.840", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105283"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}