CVE-2018-15394 CRITICAL

CVE-2018-15394: Cisco Stealthwatch Management Console Authentication Bypass Vulnerability

Vendor Cisco

Product Cisco Stealthwatch Enterprise

Weakness CWE-284

Published November 8, 2018

Last update November 26, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.

Key dates

02Disclosure timeline

November 8, 2018 CVE published

November 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-15394 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2018-15394: Cisco Stealthwatch Management Console Authentication Bypass Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE