cbcvebase.
CVE-2018-15394
published 2018-11-08

CVE-2018-15394: A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass…

PriorityP267critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.02%
89.3th percentile
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_stealthwatch_enterprise
ciscostealthwatch_enterprise<= 6.10.2
ciscostealthwatch_management

Detection & IOCsextracted from sources · hover to see the quote

  • Detect unauthenticated crafted HTTP requests targeting the Cisco Stealthwatch Management Console (SMC) that result in administrative privilege access — monitor for HTTP requests to SMC endpoints that bypass authentication (no valid session/credentials) yet receive privileged responses.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.