How severe is CVE-2018-0116?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2018-0116?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2018-0116 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124.

Related Vulnerabilities

CVE-2016-10831

HIGH

CVSS:7.2(High)

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

CWE-2872016

CVE-2017-14602

HIGH

CVSS:7.2(High)

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e ...

CWE-2872017

CVE-2017-15519

HIGH

CVSS:7.2(High)

Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0...

CWE-2872017

CVE-2018-7067

HIGH

CVSS:7.2(High)

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the ent...

CWE-2872018

CVE-2019-14705

HIGH

CVSS:7.2(High)

An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.

CWE-2872019

CVE-2020-13290

HIGH

CVSS:7.2(High)

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page

CWE-2872020