Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCiscoCVELIST:CVE-2018-15405
HistoryOct 05, 2018 - 2:00 p.m.

CVE-2018-15405 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability

2018-10-0514:00:00
CWE-285
cisco
www.cve.org
3

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks.

CNA Affected

[
  {
    "product": "Cisco Unified Computing System Director",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

prion 1
cisco 1
nvd 1
cve 1
prion
prion
Authorization
2018-10-05 14:29:00
cisco
cisco
Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability
2018-10-03 16:00:00
nvd
nvd
CVE-2018-15405
2018-10-05 14:29:08
cve
cve
CVE-2018-15405
2018-10-05 14:29:08

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON
Related for CVELIST:CVE-2018-15405
prion1cisco1nvd1cve1