Authentication Vulnerability in Cisco Spark by Cisco Systems
CVE-2018-0119

4.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Spark
Vendor: CVE Published:; 8 February 2018

Summary

A security flaw in the authentication controls of Cisco Spark may enable an authenticated remote attacker to access and view restricted information on affected devices. This vulnerability arises from the improper handling of user account tokens, allowing an attacker to use a token from another account to log in. If exploited, the attacker could jeopardize the confidentiality, integrity, and availability of the device’s data, posing risks to the user's information security.

Affected Version(s)

Cisco Spark Cisco Spark

References

http://www.securityfocus.com/bid/102961

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2018
Vulnerability Reserved
Nov 27, 2017