CVE-2018-15386 is due to an insecure default configuration of the affected system. Unauthenticated, remote attackers could exploit it by directly connecting to the exposed services, and would then be able to retrieve and modify critical system files.
Read full news article on Help Net Security