Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability
Informations
Name cisco-sa-20180718-ps-osgi-unauth-access First vendor Publication 2018-07-18
Vendor Cisco Last vendor Modification 2018-07-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbT2bQXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczKlQQAJ0jce3z5i0P2BZDSazlTvZxxBu6 JuCD0AiKhQV6s5BjzNbW1JCfvUbo90RCD8Ox3sBXLDRhAi8nq81OH+jY2VLvtQ// Kx7B3tySuUSGPBB9YLZY6IfdUbqIccgSYJwXmHyxzEmeC8PSreKJ9cuD84nyl00X jourZC/DCeCtPeeBp1BRFsrEcLrP+gz+Ixol7zl5UOciiKpPEqVH1stRaepbVwwN eS2bS7JCuIxjE6581hxYNHrhF0v+4yRICtLmwQP3Q2TXm6B2lb+MTCGgl7uHmZJ/ YOUtYCOk0MdptLS3GGNxvB32kykpgxtA6uc+PjXyZrMSOw0xXcmDbSxLdjL/xHCN i4doOBtKrw3jM/jgA57D6VNejAwPYDZN63jML9uH34eUCLaI8nmWNUkLkMWacbsF 04qhOv82k964ZPy5nbju4lpq9QqOt09WKzyRNPg5ryIOR9zwWJu5mk/RV+HKTmx2 lAj7BJnbxGXaMDL9ftd+OZl44XzJTRQUP68Eb+ZsaKHb5DcPEUOBlwOV/QWaziuM 3gITK81Ufd7e5J0+Guc43T7rFdJthSALGbJTkITMQmEX4TFLpdk1M+0eEg18b/PM 04msEjqpZW405RcNNneg5nvfhj+xcVBss3aOgwV12r/wxWLKD6ONatU8Dcwcsjuq no6hkl7Yp1OIWXPj =tO7j END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-306 Missing Authentication for Critical Function (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 8

Snort® IPS/IDS

Date Description
2020-12-05 Cisco Policy Suite interface unauthenticated access attempt
RuleID : 47286 - Revision : 1 - Type : SERVER-OTHER
2020-12-05 Cisco Policy Suite interface unauthenticated access attempt
RuleID : 47285 - Revision : 1 - Type : SERVER-OTHER

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2020-12-05 21:23:46
  • Multiple Updates
2018-09-20 17:21:24
  • Multiple Updates
2018-07-19 05:20:08
  • Multiple Updates
2018-07-18 21:18:59
  • First insertion