Details of VAR-201807-0423

ID

VAR-201807-0423

CVE

CVE-2018-0375

TITLE

Cisco Policy Suite Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-009082

DESCRIPTION

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680. Cisco Policy Suite Contains a vulnerability in the use of hard-coded credentials. Vendors have confirmed this vulnerability Cisco Bug IDs: CSCvh02680 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. Cluster Manager is one of the cluster managers

Trust: 2.07

sources: NVD: CVE-2018-0375 // JVNDB: JVNDB-2018-009082 // BID: 104852 // VULHUB: VHN-118577 // VULMON: CVE-2018-0375

AFFECTED PRODUCTS

vendor:	cisco	model:	policy suite	scope:	lt	version:	18.2.0	Trust: 1.8
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	14.0.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	policy suite	scope:	eq	version:	13.0	Trust: 0.6
vendor:	cisco	model:	policy suite	scope:	eq	version:	10.0.0	Trust: 0.6
vendor:	cisco	model:	policy suite	scope:	eq	version:	10.1.0	Trust: 0.6
vendor:	cisco	model:	policy suite	scope:	eq	version:	11.0.0	Trust: 0.6
vendor:	cisco	model:	policy suite	scope:	eq	version:	18.1	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	18.0	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	12.1	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	12.0	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	11.1	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	10.1	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	13.1.0	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	13.1	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	eq	version:	7.0.1.3	Trust: 0.3
vendor:	cisco	model:	policy suite	scope:	ne	version:	18.2	Trust: 0.3

sources: BID: 104852 // JVNDB: JVNDB-2018-009082 // CNNVD: CNNVD-201807-1298 // NVD: CVE-2018-0375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0375
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0375
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201807-1298
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118577
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0375
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0375
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-118577
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0375
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118577 // VULMON: CVE-2018-0375 // JVNDB: JVNDB-2018-009082 // CNNVD: CNNVD-201807-1298 // NVD: CVE-2018-0375

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-118577 // JVNDB: JVNDB-2018-009082 // NVD: CVE-2018-0375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1298

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1298

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009082

PATCH

title:	cisco-sa-20180718-policy-cm-default-psswrd	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd	Trust: 0.8
title:	Cisco Policy Suite Cluster Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82199	Trust: 0.6
title:	Cisco: Cisco Policy Suite Cluster Manager Default Password Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180718-policy-cm-default-psswrd	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-removes-undocumented-root-password-from-bandwidth-monitoring-software/	Trust: 0.1

sources: VULMON: CVE-2018-0375 // JVNDB: JVNDB-2018-009082 // CNNVD: CNNVD-201807-1298

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0375	Trust: 2.9
db:	BID	id:	104852	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-009082	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1298	Trust: 0.7
db:	VULHUB	id:	VHN-118577	Trust: 0.1
db:	VULMON	id:	CVE-2018-0375	Trust: 0.1

sources: VULHUB: VHN-118577 // VULMON: CVE-2018-0375 // BID: 104852 // JVNDB: JVNDB-2018-009082 // CNNVD: CNNVD-201807-1298 // NVD: CVE-2018-0375

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-policy-cm-default-psswrd	Trust: 2.2
url:	http://www.securityfocus.com/bid/104852	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0375	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0375	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-118577 // VULMON: CVE-2018-0375 // BID: 104852 // JVNDB: JVNDB-2018-009082 // CNNVD: CNNVD-201807-1298 // NVD: CVE-2018-0375

CREDITS

Cisco

Trust: 0.3

sources: BID: 104852

SOURCES

db:	VULHUB	id:	VHN-118577
db:	VULMON	id:	CVE-2018-0375
db:	BID	id:	104852
db:	JVNDB	id:	JVNDB-2018-009082
db:	CNNVD	id:	CNNVD-201807-1298
db:	NVD	id:	CVE-2018-0375

LAST UPDATE DATE

2024-11-23T23:02:07.552000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118577	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0375	date:	2019-10-09T00:00:00
db:	BID	id:	104852	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-009082	date:	2018-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201807-1298	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0375	date:	2024-11-21T03:38:05.670

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118577	date:	2018-07-18T00:00:00
db:	VULMON	id:	CVE-2018-0375	date:	2018-07-18T00:00:00
db:	BID	id:	104852	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-009082	date:	2018-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201807-1298	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-0375	date:	2018-07-18T23:29:00.807