CVE-2018-0130

CWE-264 CWE-11884 documents4 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 23.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Virtual Managed Services

Timeline

PublishedFeb 22

Latest updateMay 13

Description

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco_elastic_services_controllerCisco Elastic Services Controller

▶NVDcisco/virtual_managed_services3.0

🔴Vulnerability Details

GHSA

GHSA-p3xr-xw6j-mjf8: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthentic↗2022-05-13

▶

CVEList

CVE-2018-0130: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthentic↗2018-02-22

▶

📋Vendor Advisories

Cisco

Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability↗2018-02-21

▶