Severity
7.5 HIGH
EPSS
0.7%
top 28.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 18
Latest update: May 13

Description

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | cisco_policy_suite | Cisco Policy Suite
NVD | cisco/policy_suite | 10.0.0, 11.0.0, 11.1.0 +2

🔴 Vulnerability Details (2)

GHSA | GHSA-gh3x-qfrc-m238: A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to ac | 2022-05-13
CVEList | CVE-2018-0089: A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to ac | 2018-01-18

📋 Vendor Advisories (1)

Cisco | Cisco Policy Suite Unauthenticated Information Disclosure Vulnerability | 2018-01-18