Lucene search
K
CiscoPolicy Suite

7 matches found

CVE
CVE
added 2018/07/18 11:0 p.m.68 views

CVE-2018-0376

CVE-2018-0376 affects Cisco Policy Suite prior to 18.2.0, in which the Policy Builder interface lacked authentication, allowing unauthenticated remote access to modify or create repositories. The vulnerability is documented with high/severe impact (CVSS v3.0: 9.8, CRITICAL) and was acknowledged b...

9.8CVSS9.2AI score0.02725EPSS
CVE
CVE
added 2021/11/04 3:35 p.m.61 views

CVE-2021-40119

CVE-2021-40119 affects Cisco Policy Suite. The root cause is reuse of static SSH keys across installations, enabling an unauthenticated attacker to log in as root via SSH to vulnerable devices. Cisco issued advisories and software updates; starting with Policy Suite releases 21.2.0 and later, dev...

10CVSS9.6AI score0.02417EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.60 views

CVE-2018-0377

Cisco Policy Suite CVE-2018-0377 concerns an unauthenticated access vulnerability in the OSGi interface prior to release 18.1.0. Root cause: lack of authentication on the OSGi interface, enabling remote connections that could read or modify files accessible to the OSGi process. Impact per sources...

9.8CVSS9.2AI score0.02725EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.54 views

CVE-2018-0375

CVE-2018-0375 affects Cisco Policy Suite Cluster Manager prior to 18.2.0. Root cause: undocumented, static credentials allow an unauthenticated, remote attacker to log in as root and execute arbitrary commands. Impact: full root access over the affected system via network; high confidentiality, i...

10CVSS9.7AI score0.0379EPSS
CVE
CVE
added 2017/05/18 7:0 p.m.53 views

CVE-2017-6623

CVE-2017-6623 describes a local privilege-escalation in Cisco Policy Suite (CPS) on CPS appliances. The root cause is incorrect sudoers permissions on a script file installed with CPS, enabling an authenticated local user to supply crafted CLI input and execute commands as root, thereby gaining r...

7.8CVSS7.8AI score0.0032EPSS
CVE
CVE
added 2017/08/17 8:0 p.m.50 views

CVE-2017-6781

CVE-2017-6781 affects Cisco Policy Suite (CPS) on CPS appliances, stemming from incorrect RBAC in shell user accounts. An authenticated, local attacker can login with valid credentials and supply crafted CLI input to gain a higher privilege level (not root). Known affected CPS releases include 9....

5.3CVSS5.5AI score0.00255EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.45 views

CVE-2018-0089

The CVE-2018-0089 issue affects Cisco Policy Suite (CPS) PCRF. Affected component: PCRF within CPS. Root cause: incorrect permissions on certain system files, failing to protect sensitive data at rest. Impact: unauthenticated, remote attacker with access to the internal VLAN could request/view in...

7.5CVSS7.4AI score0.0103EPSS