CVE-2018-15394

EPSS 0.14%
Veröffentlicht 08.11.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 03:50:41
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Stealthwatch Enterprise Version <= 6.10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.307

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
psirt@cisco.com	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/105853

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-15394

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15394

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15394

EUVD