CVE-2018-15405
Last modified
CVE-2018-15405 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. EPSS estimates a 1.85% chance of exploitation in the next 30 days.
Description
A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ucs Director | 2.1\(0.0\) |
| Cisco | Ucs Director | 6.6\(1.0\) |
References
- http://www.securitytracker.com/id/1041779Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041779Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-15405?
How severe is CVE-2018-15405?
How do I fix CVE-2018-15405?
Are you affected by CVE-2018-15405?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST