CVE-2018-0435

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.5 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Exploitability : 3.1 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/105283	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-05 14:29

Updated : 2019-10-09 23:32

NVD link : CVE-2018-0435

Mitre link : CVE-2018-0435

CVE.ORG link : CVE-2018-0435

JSON object : View

Products Affected

cisco

umbrella

CWE

CWE-287

Improper Authentication

{"id": "CVE-2018-0435", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 3.1}]}, "published": "2018-10-05T14:29:01.840", "references": [{"url": "http://www.securityfocus.com/bid/105283", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."}, {"lang": "es", "value": "Una vulnerabilidad en la API de Cisco Umbrella podr\u00eda permitir a un atacante remoto autenticado visualizar y modificar datos en toda su organizaci\u00f3n y en otras organizaciones. La vulnerabilidad se debe a configuraciones de autenticaci\u00f3n insuficientes para la interfaz API de Cisco Umbrella. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ver y potencialmente modificar los datos de su organizaci\u00f3n u otras organizaciones. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer o modificar datos en varias organizaciones.Una vulnerabilidad en Cisco Webex Teams, anteriormente Cisco Spark, podr\u00eda permitir a un atacante remoto autenticado visualizar y modificar los datos de una organizaci\u00f3n que no sea la suya propia. La vulnerabilidad existe porque el software afectado realiza comprobaciones insuficientes de las asociaciones entre las cuentas de usuario y las cuentas de la organizaci\u00f3n. Un atacante que tenga privilegios administrator o compliance officer para una cuenta de la organizaci\u00f3n podr\u00eda explotar esta vulnerabilidad utilizando esos privilegios para visualizar y modificar datos para otra cuenta de la organizaci\u00f3n. Esta vulnerabilidad no afect\u00f3 a los datos de los clientes."}], "lastModified": "2019-10-09T23:32:04.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6383EE3F-ED8A-4E50-89DD-E0C496E9D466"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}