CVE-2018-0377
CRITICALCisco Policy Suite < 18.1.0 - Unauthenticated Remote File Access via OSGi Interface
Title source: llmDescription
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104850
Scores
CVSS v3
9.8
EPSS
0.0272
EPSS Percentile
84.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (2)
cisco/mobility_services_engine
14.0.0
cisco/policy_suite
< 18.1.0
Published
Jul 18, 2018
Tracked Since
Feb 18, 2026