How severe is CVE-2018-15398?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2018-15398?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2018-15398 - MEDIUM Severity | CVSS 4

Vulnerability Description

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL.

Related Vulnerabilities

CVE-2019-10187

MEDIUM

CVSS:4.0(Medium)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct acces...

CWE-2842019

CVE-2019-10188

MEDIUM

CVSS:4.0(Medium)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.

CWE-2842019

CVE-2019-10189

MEDIUM

CVSS:4.0(Medium)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.

CWE-2842019

CVE-2022-38388

MEDIUM

CVSS:4.0(Medium)

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.

CWE-2842022

CVE-2024-20065

MEDIUM

CVSS:4.0(Medium)

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interac...

CWE-2842024

CVE-2025-20144

MEDIUM

CVSS:4.0(Medium)

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerabili...

CWE-2842025