CVE-2018-0374
CRITICALCisco Policy Suite < 18.2.0 - Unauthenticated Policy Builder Database Access
Title source: llmDescription
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104851
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access
Scores
CVSS v3
9.8
EPSS
0.0272
EPSS Percentile
84.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
cisco/mobility_services_engine
14.0.0
Published
Jul 18, 2018
Tracked Since
Feb 18, 2026