Vulnerability Details : CVE-2018-0285
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568.
Products affected by CVE-2018-0285
- cpe:2.3:a:cisco:prime_service_catalog:11.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0285
1.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0285
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-0285
-
The product does not properly control the allocation and maintenance of a limited resource.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2018-0285
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc
Cisco Prime Service Catalog User Interface Denial of Service VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1040826
Cisco Prime Service Catalog Logging Function Lets Remote Authenticated Users Consume Excessive Disk Space - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/104082
Cisco Prime Service Catalog CVE-2018-0285 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to