CVE-2018-0278: CVE-2018-0278

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-0278

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco Firepower System Software management console 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。Management Console是其中的一个管理控制台程序。 Cisco Firepower System Software中的management console存在信息泄露漏洞，该漏洞源于对WebSocket协议没有正确的实施保护。远程攻击者可通过诱使用户访问恶意的网站利用该漏洞从受影响软件中检索策略或配置信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Cisco Firepower System Software	Cisco Firepower System Software	-

II. Public POCs for CVE-2018-0278

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-0278

Please Login to view more intelligence information

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dosx_refsource_CONFIRM
http://www.securityfocus.com/bid/104122vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2018-0278

New Vulnerabilities

Product: Cisco Firepower System Software

Vendor: n/a

Same weakness: CWE-200

V. Comments for CVE-2018-0278

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2018-0278

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-0278

III. Intelligence Information for CVE-2018-0278

New Vulnerabilities

V. Comments for CVE-2018-0278

Leave a comment