Registered Envelope Service
CVE-2018-15448
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames.
AnalysisAI
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-16. A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. Affected products include: Cisco Registered Envelope Service.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Registered Envelope Service
View allA vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote att
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could all
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could all
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could all
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authentica
Same weakness CWE-16 – Configuration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today