ID

VAR-201807-0425


CVE

CVE-2018-0377


TITLE

Cisco Policy Suite vulnerability related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-009079

DESCRIPTION

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. Cisco Policy Suite is vulnerable to a lack of authentication for critical functions. The vendor has confirmed this vulnerability and released it as Bug ID CSCvh18017. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Cisco Policy Suite provides functions such as user-based business rules and real-time management of applications and network resources.

Trust: 1.98

sources: NVD: CVE-2018-0377 // JVNDB: JVNDB-2018-009079 // BID: 104850 // VULHUB: VHN-118579

AFFECTED PRODUCTS

vendor: cisco // model: policy suite // scope: lt // version: 18.1.0

Trust: 1.8

vendor: cisco // model: mobility services engine // scope: eq // version: 14.0.0

Trust: 1.6

vendor: cisco // model: mobility services engine // scope: - // version: -

Trust: 0.8

vendor: cisco // model: policy suite // scope: eq // version: 10.0.0

Trust: 0.6

vendor: cisco // model: policy suite // scope: eq // version: 10.1.0

Trust: 0.6

vendor: cisco // model: policy suite // scope: eq // version: 11.0.0

Trust: 0.6

vendor: cisco // model: policy suite // scope: eq // version: 18.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 13.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 12.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 12.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 11.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 11.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 10.1

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 13.1.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 10.0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 7.5

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 7.0.2

Trust: 0.3

vendor: cisco // model: policy suite // scope: eq // version: 7.0.1.3

Trust: 0.3

vendor: cisco // model: mobility services engine // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: policy suite // scope: ne // version: 18.1

Trust: 0.3

sources: BID: 104850 // JVNDB: JVNDB-2018-009079 // CNNVD: CNNVD-201807-1296 // NVD: CVE-2018-0377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0377
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0377
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1296
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118579
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0377
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118579
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0377
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118579 // JVNDB: JVNDB-2018-009079 // CNNVD: CNNVD-201807-1296 // NVD: CVE-2018-0377

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-118579 // JVNDB: JVNDB-2018-009079 // NVD: CVE-2018-0377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1296

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1296

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009079

PATCH

title: cisco-sa-20180718-ps-osgi-unauth-access // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access

Trust: 0.8

title: Cisco Policy Suite Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82197

Trust: 0.6

sources: JVNDB: JVNDB-2018-009079 // CNNVD: CNNVD-201807-1296

EXTERNAL IDS

db: NVD // id: CVE-2018-0377

Trust: 2.8

db: BID // id: 104850

Trust: 2.0

db: JVNDB // id: JVNDB-2018-009079

Trust: 0.8

db: CNNVD // id: CNNVD-201807-1296

Trust: 0.7

db: VULHUB // id: VHN-118579

Trust: 0.1

sources: VULHUB: VHN-118579 // BID: 104850 // JVNDB: JVNDB-2018-009079 // CNNVD: CNNVD-201807-1296 // NVD: CVE-2018-0377

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-ps-osgi-unauth-access

Trust: 2.0

url:http://www.securityfocus.com/bid/104850

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0377

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0377

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118579 // BID: 104850 // JVNDB: JVNDB-2018-009079 // CNNVD: CNNVD-201807-1296 // NVD: CVE-2018-0377

CREDITS

Cisco

Trust: 0.3

sources: BID: 104850

SOURCES

db: VULHUB // id: VHN-118579
db: BID // id: 104850
db: JVNDB // id: JVNDB-2018-009079
db: CNNVD // id: CNNVD-201807-1296
db: NVD // id: CVE-2018-0377

LAST UPDATE DATE

2024-11-23T22:55:50.622000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118579 // date: 2019-10-09T00:00:00
db: BID // id: 104850 // date: 2018-07-18T00:00:00
db: JVNDB // id: JVNDB-2018-009079 // date: 2018-11-07T00:00:00
db: CNNVD // id: CNNVD-201807-1296 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0377 // date: 2024-11-21T03:38:05.917

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118579 // date: 2018-07-18T00:00:00
db: BID // id: 104850 // date: 2018-07-18T00:00:00
db: JVNDB // id: JVNDB-2018-009079 // date: 2018-11-07T00:00:00
db: CNNVD // id: CNNVD-201807-1296 // date: 2018-07-19T00:00:00
db: NVD // id: CVE-2018-0377 // date: 2018-07-18T23:29:00.900