ID

VAR-201807-0422


CVE

CVE-2018-0374


TITLE

Cisco Policy Suite vulnerability related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-008390

DESCRIPTION

A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134. Cisco Policy Suite is vulnerable to a lack of authentication for critical functions. The vendor has confirmed this vulnerability and released it as Bug ID CSCvh06134. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This solution provides functions such as user-based business rules and real-time management of applications and network resources.

Trust: 1.98

sources: NVD: CVE-2018-0374 // JVNDB: JVNDB-2018-008390 // BID: 104851 // VULHUB: VHN-118576

AFFECTED PRODUCTS

vendor: cisco // model: mobility services engine // scope: eq // version: 14.0.0

Trust: 1.6

vendor: cisco // model: mobility services engine // scope: - // version: -

Trust: 0.8

vendor: cisco // model: policy suite // scope: eq // version: 18.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 18.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 13.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 12.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 12.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 11.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 11.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 10.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 13.1.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 10.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 7.5

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 7.0.2

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 7.0.1.3

Trust: 0.3

vendor: cisco // model: mobility services engine // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: policy suite // scope: ne // version: 18.2

Trust: 0.3

sources: BID: 104851 // JVNDB: JVNDB-2018-008390 // CNNVD: CNNVD-201807-1299 // NVD: CVE-2018-0374

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0374
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0374
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1299
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118576
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0374
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118576
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0374
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118576 // JVNDB: JVNDB-2018-008390 // CNNVD: CNNVD-201807-1299 // NVD: CVE-2018-0374

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-118576 // JVNDB: JVNDB-2018-008390 // NVD: CVE-2018-0374

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1299

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1299

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008390

PATCH

title: cisco-sa-20180718-policy-unauth-access // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access

Trust: 0.8

title: Cisco Policy Suite Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82200

Trust: 0.6

sources: JVNDB: JVNDB-2018-008390 // CNNVD: CNNVD-201807-1299

EXTERNAL IDS

db: NVD // id: CVE-2018-0374

Trust: 2.8

db: BID // id: 104851

Trust: 2.0

db: JVNDB // id: JVNDB-2018-008390

Trust: 0.8

db: CNNVD // id: CNNVD-201807-1299

Trust: 0.7

db: VULHUB // id: VHN-118576

Trust: 0.1

sources: VULHUB: VHN-118576 // BID: 104851 // JVNDB: JVNDB-2018-008390 // CNNVD: CNNVD-201807-1299 // NVD: CVE-2018-0374

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-policy-unauth-access

Trust: 2.0

url:http://www.securityfocus.com/bid/104851

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0374

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0374

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118576 // BID: 104851 // JVNDB: JVNDB-2018-008390 // CNNVD: CNNVD-201807-1299 // NVD: CVE-2018-0374

CREDITS

Cisco

Trust: 0.3

sources: BID: 104851

SOURCES

db: VULHUB // id: VHN-118576
db: BID // id: 104851
db: JVNDB // id: JVNDB-2018-008390
db: CNNVD // id: CNNVD-201807-1299
db: NVD // id: CVE-2018-0374

LAST UPDATE DATE

2024-11-23T22:48:41.223000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118576 // date: 2019-10-09T00:00:00
db: BID // id: 104851 // date: 2018-07-18T00:00:00
db: JVNDB // id: JVNDB-2018-008390 // date: 2018-10-16T00:00:00
db: CNNVD // id: CNNVD-201807-1299 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0374 // date: 2024-11-21T03:38:05.553

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118576 // date: 2018-07-18T00:00:00
db: BID // id: 104851 // date: 2018-07-18T00:00:00
db: JVNDB // id: JVNDB-2018-008390 // date: 2018-10-16T00:00:00
db: CNNVD // id: CNNVD-201807-1299 // date: 2018-07-19T00:00:00
db: NVD // id: CVE-2018-0374 // date: 2018-07-18T23:29:00.777