Unauthenticated Access Vulnerability in Cisco Policy Suite
CVE-2018-0376

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Policy Suite Unknown
Vendor: CVE Published:; 18 July 2018

Summary

A vulnerability exists in the Policy Builder interface of Cisco Policy Suite versions prior to 18.2.0, allowing an unauthenticated remote attacker access to sensitive functionalities. The security flaw is attributed to the absence of proper authentication mechanisms. By exploiting this vulnerability, attackers can manipulate existing repositories and create new ones, posing significant risks to the integrity and confidentiality of the system.

Affected Version(s)

Cisco Policy Suite unknown Cisco Policy Suite unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104849

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Nov 27, 2017