OSGi Interface Vulnerability in Cisco Policy Suite
CVE-2018-0377

9.8CRITICAL

Key Information:

Vendor
Cisco
Status
Cisco Policy Suite Unknown
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability in the OSGi interface of Cisco Policy Suite prior to version 18.1.0 allows unauthenticated remote attackers to connect directly to the interface. This security flaw arises from the absence of proper authentication mechanisms, enabling attackers to gain unauthorized access. Exploiting this vulnerability may allow attackers to read or modify any files accessible by the OSGi process. Cisco Bug ID: CSCvh18017. For detailed information, visit the Cisco Security Advisory or refer to SecurityFocus.

Affected Version(s)

Cisco Policy Suite unknown Cisco Policy Suite unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104850
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.