How severe is CVE-2018-0417?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-0417?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2018-0417 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.

Related Vulnerabilities

CVE-2013-7432

HIGH

CVSS:7.5(High)

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.

CWE-2642013

CVE-2014-10058

HIGH

CVSS:7.5(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 8...

CWE-2642014

CVE-2014-3576

HIGH

CVSS:7.5(High)

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

CWE-2642014

CVE-2014-7851

HIGH

CVSS:7.5(High)

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that use...

CWE-2642014

CVE-2014-8421

HIGH

CVSS:7.5(High)

Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ...

CWE-2642014

CVE-2015-1378

HIGH

CVSS:7.5(High)

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.

CWE-2642015