Vulnerability Details : CVE-2018-0374
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134.
Products affected by CVE-2018-0374
- cpe:2.3:a:cisco:mobility_services_engine:14.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0374
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0374
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-0374
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2018-0374
-
http://www.securityfocus.com/bid/104851
Cisco Policy Suite Policy Builder Database CVE-2018-0374 Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access
Cisco Policy Suite Policy Builder Database Unauthenticated Access VulnerabilityVendor Advisory
Jump to