Remote Access Vulnerability in Cisco Policy Suite Cluster Manager
CVE-2018-0375

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Policy Suite Unknown
Vendor: CVE Published:; 18 July 2018

Summary

The Cluster Manager of Cisco Policy Suite prior to version 18.2.0 is susceptible to a security flaw that permits unauthenticated remote access to the system. This issue arises from the existence of undocumented static user credentials for the root account. An attacker leveraging this vulnerability can gain unauthorized access and may execute arbitrary commands with root privileges, highlighting significant risks for the affected systems.

Affected Version(s)

Cisco Policy Suite unknown Cisco Policy Suite unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104852

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Nov 27, 2017