How severe is CVE-2018-0368?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-0368?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2018-0368 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400.

Related Vulnerabilities

CVE-2011-3177

HIGH

CVSS:7.8(High)

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks...

CWE-2002011

CVE-2014-4991

HIGH

CVSS:7.8(High)

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to ob...

CWE-2002014

CVE-2014-4992

HIGH

CVSS:7.8(High)

lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.

CWE-2002014

CVE-2014-4993

HIGH

CVSS:7.8(High)

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows...

CWE-2002014

CVE-2014-4997

HIGH

CVSS:7.8(High)

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.

CWE-2002014

CVE-2014-4998

HIGH

CVSS:7.8(High)

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

CWE-2002014