CVE-2018-15398Improper Access Control in Cisco Adaptive Security Appliance Software

CWE-284Improper Access Control4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 45.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Adaptive Security Appliance SoftwareCisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network thro

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

NVDcisco/adaptive_security_appliance_software9.4\(2\), 9.4\(4\), 9.6\(4.3\)+2

🔴Vulnerability Details

2
GHSA
GHSA-cx64-gcjv-365c: A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software2022-05-13
CVEList
Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability2018-10-03
CVE-2018-15398 — Improper Access Control in Cisco | cvebase