CVE-2018-0392
Summary
| CVE | CVE-2018-0392 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-18 23:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087. |
Risk And Classification
Problem Types: CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Mobility Services Engine 3310 | - | All | All | All |
| Hardware | Cisco | Mobility Services Engine 3310 | - | All | All | All |
| Operating System | Cisco | Mobility Services Engine 3310 Firmware | 14.0.0 | All | All | All |
| Operating System | Cisco | Mobility Services Engine 3310 Firmware | 14.0.0 | All | All | All |
| Hardware | Cisco | Mobility Services Engine 3355 | - | All | All | All |
| Hardware | Cisco | Mobility Services Engine 3355 | - | All | All | All |
| Operating System | Cisco | Mobility Services Engine 3355 Firmware | 14.0.0 | All | All | All |
| Operating System | Cisco | Mobility Services Engine 3355 Firmware | 14.0.0 | All | All | All |
| Hardware | Cisco | Mobility Services Engine 3365 | - | All | All | All |
| Hardware | Cisco | Mobility Services Engine 3365 | - | All | All | All |
| Operating System | Cisco | Mobility Services Engine 3365 Firmware | 14.0.0 | All | All | All |
| Operating System | Cisco | Mobility Services Engine 3365 Firmware | 14.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Policy Suite World-Readable Sensitive Data Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco Policy Suite CVE-2018-0392 Local Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.