VDB
CVE-2018-15404
CVE-2018-15404
PUBLISHED
CVSS 4 MEDIUM
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.
EPSS 0.47% · 65.2th percentile
Risk Scores
CVSS 2.0
4
EPSS Score
0.47%
65.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | integrated_management_controller_supervisor | 2.1\(0.0\) |
| Cisco | Cisco Unified Computing System Director | * |
| cisco | unified_computing_system_director | 6.6\(0.0\) |
Exploit Intelligence
Timeline
- Oct 3, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score