Read-Only User Effect Change Vulnerability in Cisco Policy Suite
CVE-2018-0393

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Policy Suite Unknown
Vendor: CVE Published:; 18 July 2018

Summary

A Read-Only User Effect Change vulnerability exists in the Policy Builder interface of Cisco Policy Suite, enabling authenticated attackers to manipulate policies. This weakness stems from inadequate authorization controls, allowing adversaries to modify HTTP requests to gain unauthorized access. Exploiting this flaw could permit unauthorized changes to established policies, compromising system integrity and security management.

Affected Version(s)

Cisco Policy Suite unknown Cisco Policy Suite unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104867

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Nov 27, 2017