CVE-2018-0285

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.9%

top 24.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Service Catalog

Timeline

PublishedMay 2

Latest updateMay 13

Description

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_prime_service_catalogCisco Prime Service Catalog

▶NVDcisco/prime_service_catalog11.1.2

🔴Vulnerability Details

GHSA

GHSA-ww8h-rgpp-5jw6: A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface↗2022-05-13

▶

CVEList

CVE-2018-0285: A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface↗2018-05-02

▶

📋Vendor Advisories

Cisco

Cisco Prime Service Catalog User Interface Denial of Service Vulnerability↗2018-05-02

▶