Vulnerability Details : CVE-2018-0392
A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.
Products affected by CVE-2018-0392
- cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:14.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0392
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0392
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-0392
-
Assigned by: ykramarz@cisco.com (Secondary)
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0392
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-data
Cisco Policy Suite World-Readable Sensitive Data VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/104866
Cisco Policy Suite CVE-2018-0392 Local Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to