Vulnerability Details : CVE-2018-0110
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741.
Products affected by CVE-2018-0110
- cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0110
- 0.14%: Probability of exploitation activity in the next 30 days
- ~ 49 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0110
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST | |
8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2018-0110
- Assigned by: ykramarz@cisco.com (Secondary)
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0110
- http://www.securitytracker.com/id/1040236
  Cisco WebEx Meetings Server Flaw Lets Remote Authenticated Users Access the Disabled Remote Support Account - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/102773
  Cisco WebEx Meetings Server CVE-2018-0110 Remote Security Vulnerability (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
  Cisco WebEx Meetings Server Remote Account Disabling Vulnerability (Vendor Advisory)