How severe is CVE-2018-0459?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2018-0459?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2018-0459

MEDIUM Year: 2018

CVSS v3 Score

6.5

Medium

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-285

View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system.

CVE-2015-10033

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. T...

CWE-2852015

CVE-2017-0896

MEDIUM

CVSS:6.5(Medium)

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite oth...

CWE-2852017

CVE-2017-0927

MEDIUM

CVSS:6.5(Medium)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

CWE-2852017

CVE-2017-2686

MEDIUM

CVSS:6.5(Medium)

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informati...

CWE-2852017

CVE-2017-9268

MEDIUM

CVSS:6.5(Medium)

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did no...

CWE-2852017

CVE-2018-0391

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is d...

CWE-2852018

CVE-2018-0459

Vulnerability Description

Related Vulnerabilities

CVE-2015-10033

CVE-2017-0896

CVE-2017-0927

CVE-2017-2686

CVE-2017-9268

CVE-2018-0391