How severe is CVE-2018-15374?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2018-15374?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2018-15374

MEDIUM Year: 2018

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-347

View all →

Vulnerability Description

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.

CVE-2017-12331

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-...

CWE-3472017

CVE-2017-12333

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-...

CWE-3472017

CVE-2017-8190

MEDIUM

CVSS:6.7(Medium)

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high priv...

CWE-3472017

CVE-2019-12649

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on a...

CWE-3472019

CVE-2019-12662

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service imag...

CWE-3472019

CVE-2019-1615

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software im...

CWE-3472019

CVE-2018-15374

Vulnerability Description

Related Vulnerabilities

CVE-2017-12331

CVE-2017-12333

CVE-2017-8190

CVE-2019-12649

CVE-2019-12662

CVE-2019-1615