How severe is CVE-2018-15404?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2018-15404?

This is classified as CWE-399, which is a common weakness in software security.

CVE-2018-15404 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.

Related Vulnerabilities

CVE-2012-5030

MEDIUM

CVSS:6.5(Medium)

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking ...

CWE-3992012

CVE-2015-2927

MEDIUM

CVSS:6.5(Medium)

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

CWE-3992015

CVE-2015-6431

MEDIUM

CVSS:6.5(Medium)

Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

CWE-3992015

CVE-2015-7461

MEDIUM

CVSS:6.5(Medium)

XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via cra...

CWE-3992015

CVE-2015-8345

MEDIUM

CVSS:6.5(Medium)

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

CWE-3992015

CVE-2015-8677

MEDIUM

CVSS:6.5(Medium)

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus se...

CWE-3992015