CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
34.1%
A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | mobility_services_engine_3365_firmware | 18.0.0 | cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:18.0.0:*:*:*:*:*:*:* |
cisco | mobility_services_engine_3365 | - | cpe:2.3:h:cisco:mobility_services_engine_3365:-:*:*:*:*:*:*:* |
cisco | mobility_services_engine_3355_firmware | 18.0.0 | cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:18.0.0:*:*:*:*:*:*:* |
cisco | mobility_services_engine_3355 | - | cpe:2.3:h:cisco:mobility_services_engine_3355:-:*:*:*:*:*:*:* |
cisco | mobility_services_engine_3310_firmware | 18.0.0 | cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:18.0.0:*:*:*:*:*:*:* |
cisco | mobility_services_engine_3310 | - | cpe:2.3:h:cisco:mobility_services_engine_3310:-:*:*:*:*:*:*:* |
[
{
"product": "Cisco Policy Suite unknown",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Policy Suite unknown"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
34.1%