CVE-2018-15394

CVE Database · CVE-2018-15394

CVE-2018-15394

· N/AModified

CVSS v3.1

N/A

EPSS

4.02%

Published

Nov 8, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.

Weaknesses (CWE)

CWE-284

Affected Products (1)

cisco · stealthwatch_enterprisevulnerable

References (4)

http://www.securityfocus.com/bid/105853

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Vendor Advisory

http://www.securityfocus.com/bid/105853

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs