Remote Access Vulnerability in Cisco Policy Suite Database
CVE-2018-0374

9.8CRITICAL

Key Information:

Vendor
Cisco
Status
Cisco Policy Suite Unknown
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Policy Builder database of Cisco Policy Suite prior to version 18.2.0 that may permit an unauthenticated remote attacker to access the Policy Builder database directly. This flaw arises from inadequate authentication mechanisms. An attacker could exploit this weakness by establishing a direct connection to the Policy Builder database, potentially leading to unauthorized access to sensitive data and the capability to modify it. It is crucial for users of affected versions to apply the latest updates to mitigate this risk.

Affected Version(s)

Cisco Policy Suite unknown Cisco Policy Suite unknown

References

http://www.securityfocus.com/bid/104851
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.