CVE-2018-0335

{"id": "CVE-2018-0335", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-06-07T21:29:00.540", "references": [{"url": "http://www.securityfocus.com/bid/104473", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1041069", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de autenticaci\u00f3n en el portal web de Cisco Prime Collaboration Provisioning podr\u00eda permitir que un atacante local no autenticado visualice datos sensibles. Esta vulnerabilidad se debe al registro incorrecto de datos de autenticaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad monitorizando un archivo de lectura global espec\u00edfico para estos datos de autenticaci\u00f3n (contrase\u00f1as en texto claro). Su explotaci\u00f3n podr\u00eda permitir que el atacante obtenga informaci\u00f3n de autenticaci\u00f3n de otros usuarios. Cisco Bug IDs: CSCvd86602."}], "lastModified": "2019-10-09T23:31:48.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_collaboration:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E543E834-D2B3-4189-8365-DAC7B6E86782"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}