CVE-2018-15465Improper Authorization in Cisco Adaptive Security Appliance Software

CWE-285Improper AuthorizationCWE-863Incorrect Authorization4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.3%
top 47.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Adaptive Security Appliance SoftwareCisco Adaptive Security Appliance Software
Timeline
PublishedDec 24
Latest updateMay 13

Description

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An expl

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wccp-c983-j22q: A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (lev2022-05-13
CVEList
Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability2018-12-24

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability2018-12-19
CVE-2018-15465 — Improper Authorization in Cisco | cvebase