The vulnerability of the Policy Builder database of the Cisco Policy Suite software management tool allows a perpetrator to access the database and modify arbitrary data.

🗓️ 26 Jul 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

The Cisco Policy Builder database has no authentication, enabling attackers to access and modify data.

Reporter	Title	Published	Views	Family All 9
Cisco	Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability	18 Jul 201816:00	–	cisco
CNVD	Cisco Policy Suite Policy Builder Authentication Bypass Vulnerability	19 Jul 201800:00	–	cnvd
CVE	CVE-2018-0374	18 Jul 201823:00	–	cve
Cvelist	CVE-2018-0374	18 Jul 201823:00	–	cvelist
EUVD	EUVD-2018-1197	7 Oct 202500:30	–	euvd
NVD	CVE-2018-0374	18 Jul 201823:29	–	nvd
Prion	Design/Logic Flaw	18 Jul 201823:29	–	prion
ThreatPost	Critical Authentication Flaws in Cisco Policy Suite Patched	19 Jul 201813:22	–	threatpost
Vulnrichment	CVE-2018-0374	18 Jul 201823:00	–	vulnrichment

Vulners

Node

cisco_systems cisco_policy_suiteRange<18.2.0

Source	Link
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access
threatpost	www.threatpost.com/critical-authentication-flaws-in-cisco-policy-suite-patched/134158/
securitylab	www.securitylab.ru/news/494535.php
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 39.8

CVSS 210

EPSS0.05261

policy builder database no authentication unauthorized access data modification policy management tool