Vulnerability Details : CVE-2018-0263
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.
Products affected by CVE-2018-0263
- cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0263
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0263
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
6.5
|
2.9
|
NIST | |
7.4
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
2.8
|
4.0
|
NIST |
CWE ids for CVE-2018-0263
-
Assigned by: ykramarz@cisco.com (Secondary)
-
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0263
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id
Cisco Meeting Server Information Disclosure VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/104419
Cisco Meeting Server CVE-2018-0263 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1041065
Cisco Meeting Server Configuration Flaw Lets Remote Users on the Local Network Obtain Potentially Sensitive Information on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
Jump to