CVE-2018-0468 — Vulnetix

CVE-2018-0468 PUBLISHED CVSS 4.599999904632568 MEDIUM

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database. The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory. There are workarounds that address this vulnerability.

EPSS 0.06% · 19.1th percentile

Risk Scores

CVSS 2.0

4.599999904632568

EPSS Score

0.06%

19.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
cisco	energy_management_suite	5.2

Exploit Intelligence

20181204 Cisco Energy Management Suite Default PostgreSQL Password Vulnerability (circl)
106124 (circl)
https://www.tenable.com/security/research/tra-2018-42 (circl)

Timeline

Dec 4, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score

References

20181204 Cisco Energy Management Suite Default PostgreSQL Password Vulnerability vendor-advisory
106124 vdb
https://www.tenable.com/security/research/tra-2018-42 url
https://nvd.nist.gov/vuln/detail/CVE-2018-0468 advisory

Open in Interactive Console →