CVE-2018-0462

{"id": "CVE-2018-0462", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2018-10-05T14:29:04.137", "references": [{"url": "http://www.securityfocus.com/bid/105291", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de gesti\u00f3n de usuarios de Cisco Enterprise NFV Infrastructure Software (NFVIS) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de denegaci\u00f3n de servicio (DoS) contra un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad iniciando sesi\u00f3n con una cuenta de usuario con privilegios altos y realizando una secuencia de operaciones de gesti\u00f3n de usuarios espec\u00edficas que interfieran con el sistema operativo subyacente. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante degrade permanentemente la funcionalidad del sistema afectado."}], "lastModified": "2019-10-09T23:32:08.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:enterprise_network_virtualization_software:nfvis-6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62321232-048A-4A3E-8F72-52D8790CC3C5"}, {"criteria": "cpe:2.3:a:cisco:enterprise_network_virtualization_software:nfvis-8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "060E1969-C4EB-4E8A-9007-984C89D8A853"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}