7.5 - cisco-sa-20180718-policy-unauth-access

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability

Informations
Name	cisco-sa-20180718-policy-unauth-access	First vendor Publication	2018-07-18
Vendor	Cisco	Last vendor Modification	2018-07-18
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbT2bIXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczdA0QAKLwNTUlGaytyyhWXSMKRjQphEeu oHlxBvPr4507/PkUqFyM/rd5bcS/Sh5LvctoVa+lX3r0FZHDMS2XyiCNYWQESN5t SX4RiylCcMrVbcaCkDGXoq2F59F5m8FX25ZJ21Y52+abElxf0cHCyBo+bEZfCaDM McCtHUabxey4jCe3HGBhRdnoEMvt0SLO04jOcgW3ZGAEa9aAj8fWHCb/HWAfdwZm CB3xGejkQYiFc8JD6JI0GUkFpkQczKwAUhartf1h/EMvsTJP65A8pUyyWE54Ojlb 1ydsWLm4VWKjA3cwRTCCwwhv9ferPrtBSBpgQyG5D+yRrW/VMX6AXfD/XHA6t/oV 6jzWojJjEir9wRLKqG1iLdBidUHyNUv9AQY1+jdYZvTT55T55t/B7HSAdCL23HGN 4DNtk4nQa+YjWU0bMBLjEnqxKo/4nLEJjj6y1TlELBORk7YDk2j3lZuEzJXkb+M/ pvRHWlo/csPMzs20lNUzlOLLjSGkWfSOLtnuG0pSngG20bj+AF2g6S5VmEetXjAv 95kAQ7CncJBUCn1Eu0X3TKIvkQyb67/RgTekDJ+LxJXH/u9LSvbbxILYXyrq9nkn uIIVon8+attnqsoMU0+DFhIrFOMMCdo/MXKaJCxDEFORn6Z7z+pbMXbKc/LoopAq ag/wJlHemwD/YQRh =+paR END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-306	Missing Authentication for Critical Function (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Mobility Services Engine cpe:2.3:a:cisco:mobility_services_engine:14.0.0:::::::*	1

Alert History

If you want to see full details history, please login or register.

Date	Informations
2018-09-19 17:21:56	Multiple Updates
2018-07-19 05:20:08	Multiple Updates
2018-07-18 21:18:56	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	1

	Related
9.8	CVE-2018-0374
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - cisco-sa-20180718-policy-unauth-access

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU