How severe is CVE-2018-0275?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2018-0275?

This is classified as CWE-16, which is a common weakness in software security.

CVE-2018-0275

MEDIUM Year: 2018

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-16

View all →

Vulnerability Description

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409.

CVE-2019-1829

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper auth...

CWE-162019

CVE-2020-8353

MEDIUM

CVSS:6.7(Medium)

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative us...

CWE-162020

CVE-2023-43088

MEDIUM

CVSS:6.8(Medium)

Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execu...

CWE-162023

CVE-2019-19000

MEDIUM

CVSS:6.5(Medium)

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sens...

CWE-162019

CVE-2019-19001

MEDIUM

CVSS:6.5(Medium)

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the applicati...

CWE-162019

CVE-2020-16247

HIGH

CVSS:7.1(High)

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CWE-162020

CVE-2018-0275

Vulnerability Description

Related Vulnerabilities

CVE-2019-1829

CVE-2020-8353

CVE-2023-43088

CVE-2019-19000

CVE-2019-19001

CVE-2020-16247