How severe is CVE-2018-0284?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2018-0284?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2018-0284 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.

Related Vulnerabilities

CVE-2014-0229

MEDIUM

CVSS:6.5(Medium)

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownData...

CWE-2642014

CVE-2014-1889

MEDIUM

CVSS:6.5(Medium)

The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.

CWE-2642014

CVE-2014-8540

MEDIUM

CVSS:6.5(Medium)

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

CWE-2642014

CVE-2014-9503

MEDIUM

CVSS:6.5(Medium)

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging impr...

CWE-2642014

CVE-2015-4082

MEDIUM

CVSS:6.5(Medium)

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informat...

CWE-2642015

CVE-2015-5167

MEDIUM

CVSS:6.5(Medium)

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

CWE-2642015