RADIUS Authentication Vulnerability in Cisco Policy Suite
CVE-2018-0116

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Policy Suite
Vendor: CVE Published:; 8 February 2018

What is CVE-2018-0116?

A vulnerability exists in the RADIUS authentication module of Cisco Policy Suite allowing an unauthenticated remote attacker to gain subscriber access without a valid password. The exploitation requires a valid username, and occurs due to improper validation of RADIUS user credentials. This vulnerability impacts Cisco Policy Suite versions before 13.1.0 with Hotfix Patch 1 and affects Release 14.0.0, even though RADIUS authentication is not officially supported in this release and later versions. Admins should ensure proper versioning and consider mitigation strategies.

Affected Version(s)

Cisco Policy Suite Cisco Policy Suite

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102968

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2018
Vulnerability Reserved
Nov 27, 2017