CVE-2018-0375
CRITICAL
Cisco Policy Suite < 18.2.0 - Unauthenticated Use of Hard-coded Credentials
Title source: llm
Description
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104852
Scores
CVSS v3
9.8
EPSS
0.0379
EPSS Percentile
88.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (2)
cisco/mobility_services_engine
14.0.0
cisco/policy_suite
< 18.2.0
Published
Jul 18, 2018
Tracked Since
Feb 18, 2026