CVE-2018-0134

Severity: 5.3 MEDIUM
EPSS: 0.4% (top 41.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 8
Latest update: May 13

Description

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequen

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: cisco_policy_suite (Cisco Policy Suite)
NVD: cisco/mobility_services_engine 13.0.0, 13.1.0 +1

🔴 Vulnerability Details (2)

GHSA
GHSA-rm29-q8c8-prwc: A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subsc | 2022-05-13
CVEList
CVE-2018-0134: A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subsc | 2018-02-08

📋 Vendor Advisories (1)

Cisco
Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability | 2018-02-08