VDB
CVE-2018-0428
CVE-2018-0428
PUBLISHED
CVSS 6.699999809265137 MEDIUM
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548.
EPSS 0.06% · 17.9th percentile
Risk Scores
CVSS 3.0
6.699999809265137
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.06%
17.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco Systems, Inc. | Web Security Appliance | * |
| cisco | web_security_appliance | 11.0.0-fcs-250, 11.5.0-fcs-000, wsa10.5.0-fcs-000 |
Exploit Intelligence
- 105104 (circl)
- 1041536 (circl)
- 20180815 Cisco Web Security Appliance Privilege Escalation Vulnerability (circl)
Timeline
- Aug 15, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- 105104 vdb
- 1041536 vdb
- 20180815 Cisco Web Security Appliance Privilege Escalation Vulnerability vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-0428 advisory