Vulnerability Details : CVE-2018-0436
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.
Products affected by CVE-2018-0436
- cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0436
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0436
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST | |
8.7
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
2.3
|
5.8
|
NIST | |
8.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
2.3
|
5.8
|
NIST | 2024-05-23 |
CWE ids for CVE-2018-0436
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2018-0436
-
http://www.securityfocus.com/bid/105301
Cisco Webex Teams CVE-2018-0436 Remote Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod
Cisco Webex Teams Information Disclosure and Modification VulnerabilityVendor Advisory
Jump to