Executive Summary
Summary | |
---|---|
Title | Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180718-ps-osgi-unauth-access | First vendor Publication | 2018-07-18 |
Vendor | Cisco | Last vendor Modification | 2018-07-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbT2bQXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczKlQQAJ0jce3z5i0P2BZDSazlTvZxxBu6 JuCD0AiKhQV6s5BjzNbW1JCfvUbo90RCD8Ox3sBXLDRhAi8nq81OH+jY2VLvtQ// Kx7B3tySuUSGPBB9YLZY6IfdUbqIccgSYJwXmHyxzEmeC8PSreKJ9cuD84nyl00X jourZC/DCeCtPeeBp1BRFsrEcLrP+gz+Ixol7zl5UOciiKpPEqVH1stRaepbVwwN eS2bS7JCuIxjE6581hxYNHrhF0v+4yRICtLmwQP3Q2TXm6B2lb+MTCGgl7uHmZJ/ YOUtYCOk0MdptLS3GGNxvB32kykpgxtA6uc+PjXyZrMSOw0xXcmDbSxLdjL/xHCN i4doOBtKrw3jM/jgA57D6VNejAwPYDZN63jML9uH34eUCLaI8nmWNUkLkMWacbsF 04qhOv82k964ZPy5nbju4lpq9QqOt09WKzyRNPg5ryIOR9zwWJu5mk/RV+HKTmx2 lAj7BJnbxGXaMDL9ftd+OZl44XzJTRQUP68Eb+ZsaKHb5DcPEUOBlwOV/QWaziuM 3gITK81Ufd7e5J0+Guc43T7rFdJthSALGbJTkITMQmEX4TFLpdk1M+0eEg18b/PM 04msEjqpZW405RcNNneg5nvfhj+xcVBss3aOgwV12r/wxWLKD6ONatU8Dcwcsjuq no6hkl7Yp1OIWXPj =tO7j END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-306 | Missing Authentication for Critical Function (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco Policy Suite interface unauthenticated access attempt RuleID : 47286 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco Policy Suite interface unauthenticated access attempt RuleID : 47285 - Revision : 1 - Type : SERVER-OTHER |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-09-20 17:21:24 |
|
2018-07-19 05:20:08 |
|
2018-07-18 21:18:59 |
|