CVE-2018-0111

{"id": "CVE-2018-0111", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-01-18T06:29:01.487", "references": [{"url": "http://www.securityfocus.com/bid/102723", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1040237", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCvg46806."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco WebEx Meetings Server podr\u00eda permitir que un atacante remoto no autenticado acceda a datos sensibles de la aplicaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n y realizar ataques de reconocimiento adicionales. La vulnerabilidad se debe a un fallo de dise\u00f1o en Cisco WebEx Meetings Server, que podr\u00eda incluir informaci\u00f3n interna de la red que deber\u00eda estar restringida. Un atacante puede explotar esta vulnerabilidad empleando recursos disponibles para estudiar la red del cliente. Un exploit podr\u00eda permitir que el atacante descubra datos sensibles sobre la aplicaci\u00f3n. Cisco Bug IDs: CSCvg46806."}], "lastModified": "2019-10-09T23:31:15.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EE9AB43-3737-4D5B-95F9-1C3D899B3E8D"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}