Lucene search

[email protected]NVD:CVE-2018-15398

HistoryOct 05, 2018 - 2:29 p.m.

CVE-2018-15398

2018-10-0514:29:08

CWE-284

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

49.9%

JSON

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL.

Affected configurations

Nvd

Node

ciscoadaptive_security_appliance_softwareMatch9.6\(4.3\)

ciscoadaptive_security_appliance_softwareMatch9.4\(2\)

ciscoadaptive_security_appliance_softwareMatch9.4\(4\)

Node

ciscofirepower_threat_defenseMatch6.2.0

VendorProductVersionCPE
ciscoadaptive_security_appliance_software9.6(4.3)cpe:2.3:a:cisco:adaptive_security_appliance_software:9.6\(4.3\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.4(2)cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(2\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.4(4)cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(4\):*:*:*:*:*:*:*
ciscofirepower_threat_defense6.2.0cpe:2.3:a:cisco:firepower_threat_defense:6.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	9.6(4.3)	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.6\(4.3\):::::::*
cisco	adaptive_security_appliance_software	9.4(2)	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(2\):::::::*
cisco	adaptive_security_appliance_software	9.4(4)	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(4\):::::::*
cisco	firepower_threat_defense	6.2.0	cpe:2.3:a:cisco:firepower_threat_defense:6.2.0:::::::*

References

www.securityfocus.com/bid/105517

www.securitytracker.com/id/1041788

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-acl-bypass

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

49.9%

JSON

Related for NVD:CVE-2018-15398

cisco1 prion1 cvelist1 cve1