CVE-2018-0393

MEDIUM

Cisco Mobility Services Engine Firmware - Authenticated Policy Modification via Policy Builder Interface

Title source: llm

Description

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104867

Scores

CVSS v3 6.5

EPSS 0.0094

EPSS Percentile 56.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (3)

cisco/mobility_services_engine_3310_firmware 18.0.0

cisco/mobility_services_engine_3355_firmware 18.0.0

cisco/mobility_services_engine_3365_firmware 18.0.0

Published Jul 18, 2018

Tracked Since Feb 18, 2026