Cisco Policy Suite Read-Only User Effect Change Vulnerability

2018-07-1816:00:00

tools.cisco.com

EPSS

0.001

Percentile

34.1%

JSON

A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface.

The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change”]

Affected configurations

Vulners

Node

ciscocisco_policy_suiteMatchany

VendorProductVersionCPE
ciscocisco_policy_suiteanycpe:2.3:a:cisco:cisco_policy_suite:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_policy_suite	any	cpe:2.3:a:cisco:cisco_policy_suite:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change

EPSS

0.001

Percentile

34.1%

JSON

Related for CISCO-SA-20180718-POLICY-SUITE-CHANGE