CVE-2018-0238

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.9CRITICAL

EPSS

3.7%

top 12.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System Director

Timeline

PublishedApr 19

Latest updateMay 13

Description

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. The permitted operations can be configured for the end user on the virtual machines with either of the following settings: The virtual machine is associated to a Virtual Data Center…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶NVDcisco/unified_computing_system_director6.5\(0.0\), 6.5\(0.1\)+1

▶CVEListV5cisco_ucs_directorCisco UCS Director

🔴Vulnerability Details

GHSA

GHSA-jr59-qj3r-wcp8: A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, r↗2022-05-13

▶

CVEList

CVE-2018-0238: A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, r↗2018-04-19

▶

📋Vendor Advisories

Cisco

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal↗2018-04-18

▶