Vulnerability Description
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance Software | < 9.4.4.29 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106256Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://www.tenable.com/security/research/tra-2018-46ExploitThird Party Advisory
- http://www.securityfocus.com/bid/106256Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://www.tenable.com/security/research/tra-2018-46ExploitThird Party Advisory
FAQ
What is CVE-2018-15465?
CVE-2018-15465 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privilege...
How severe is CVE-2018-15465?
CVE-2018-15465 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15465?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.