6.5
CVE-2018-0393
- EPSS 0.13%
- Veröffentlicht 18.07.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:38:08
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Mobility Services Engine 3365 Firmware Version18.0.0
Cisco ≫ Mobility Services Engine 3355 Firmware Version18.0.0
Cisco ≫ Mobility Services Engine 3310 Firmware Version18.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.287 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.