CVE-2018-15465

Description

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.

Risk Information

Base Score

8.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

0.289

Associated Vulnerability

Vulnerability	OS Platform
Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability For Cisco Adaptive Security Appliance (ASA) Software	NCM
Incorrect Authorization Vulnerability (CVE-2018-15465)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706057	Security Update for Cisco Adaptive Security Appliance (ASA) Software 99.17(1.69)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234