← Back

CVE-2018-0392

nvd nist
Published: Jul 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.

Affected (3)

Cisco
3 products
Mobility Services Engine 3365 Firmware
Mobility Services Engine 3355 Firmware
Mobility Services Engine 3310 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mobility Services Engine 3365 Firmware
Version 14.0.0
Running on/withPlatform Versions
Cisco
Mobility Services Engine 3365
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mobility Services Engine 3355 Firmware
Version 14.0.0
Running on/withPlatform Versions
Cisco
Mobility Services Engine 3355
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mobility Services Engine 3310 Firmware
Version 14.0.0
Running on/withPlatform Versions
Cisco
Mobility Services Engine 3310
All versions

Related CWEs

CWE-275
CWE-275
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.