Auth bypass in Cisco Unified Computing System Director

CVE-2018-15405

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerabili…

EPSS: 0.001 (29.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified Computing System Director — versions n/a

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

1041779 (vdb-entry, x_refsource_SECTRACK)
20181003 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory)