Strix
26.1K

CVE-2018-0463

UnknownEPSS 1.49%

Last modified

CVE-2018-0463 is a vulnerability of currently unknown severity. A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. EPSS estimates a 1.49% chance of exploitation in the next 30 days.

Description

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.

Metrics

EPSS Probability
1.49%

70.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoNetwork Services Orchestrator1.2.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-0463?
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.
How severe is CVE-2018-0463?
Severity scoring for CVE-2018-0463 is pending analysis. The EPSS model estimates a 1.49% probability of exploitation in the next 30 days.
How do I fix CVE-2018-0463?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0463?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST