Vulnerability CVE-2018-0285
Published: 2018-05-02   Modified: 2018-05-03

Description:
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568.

Type:

CWE-400

 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Cisco -> Prime service catalog 

 References:
http://www.securityfocus.com/bid/104082
http://www.securitytracker.com/id/1040826
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc
Copyright 2024, cxsecurity.com

 

Back to Top