CVE-2018-15394
Published 2018-11-08
Priority P267 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.02% (89.3th percentile)
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_stealthwatch_enterprise | — | — |
| cisco | stealthwatch_enterprise | <= 6.10.2 | — |
| cisco | stealthwatch_management | — | — |
Detection & IOCs
- Detect unauthenticated crafted HTTP requests targeting the Cisco Stealthwatch Management Console (SMC) that result in administrative privilege access — monitor for HTTP requests to SMC endpoints that bypass authentication (no valid session/credentials) yet receive privileged responses.
CVSS provenance
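| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 9.8 | CRITICAL | — |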
GHSA
GHSA-qg74-x86q-mr5x · ghsa_unreviewed · 2022-05-13 · CVE-2018-15394 [CRITICAL]
Cisco
Cisco Stealthwatch Management Console Authentication Bypass Vulnerability
vendor_cisco · 2018-11-07 · CVSS 9.8 · CVE-2018-15394 [CRITICAL] · CWE-284
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system.
The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cl
Cisco
Cisco Stealthwatch Management Console Authentication Bypass Vulnerability
vendor_cisco·CVSS 3.0
CVSS: 3.0
CWE: CWE-284
Bug IDs: CSCvk52848
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.