cbcvebase.
CVE-2018-0181
published 2019-01-10

CVE-2018-0181: A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an…

PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.17%
80.0th percentile
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_policy_suite_for_mobile
ciscocisco_policy_suite_software
ciscopolicy_suite_for_mobile_and_cisco_policy_suite_diameter_routing_agent

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability involves unauthenticated remote access to a Redis server — detect unauthenticated Redis connections (no AUTH command) originating from external/untrusted network segments targeting Redis default port (6379).
  • Monitor for unexpected Redis SET/DEL/MODIFY commands on key-value pairs from unauthenticated sessions, particularly on Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent deployments.
  • Track Cisco Bug IDs CSCvf08748 and CSCvk64527 for patch status; unpatched Cisco Policy Suite Diameter Routing Agent instances remain exposed with no available software fix.
  • ·The Redis server used by Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent is configured without proper authentication, allowing unauthenticated remote access.
  • ·No software fix is available for Cisco Policy Suite Diameter Routing Agent; only a mitigation (not a full workaround) exists, leaving deployments persistently at risk.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.3HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.