#VU15771 Authentication bypass in Cisco Stealthwatch - CVE-2018-15394

 


Published: November 7, 2018 / Updated: November 8, 2018


Vulnerability identifier: #VU15771
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-15394
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco Stealthwatch
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to an insecure system configuration. A remote unauthenticated attacker can send a specially crafted HTTP request to the targeted application, bypass authentication and gain elevated privileges in the Stealthwatch Management Console (SMC).


Remediation

The vulnerability has been fixed in versions 6.7.5, 6.8.4, 6.9.5 and 6.10.3.
