CVE-2018-0181
Published 2019-01-10
Priority: P2 63 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.17% (80.0th percentile)
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_policy_suite_for_mobile | — | — |
| cisco | cisco_policy_suite_software | — | — |
| cisco | policy_suite_for_mobile_and_cisco_policy_suite_diameter_routing_agent | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability involves unauthenticated remote access to a Redis server: detect unauthenticated Redis connections (no AUTH command) originating from external or untrusted network segments and targeting the Redis default port (6379).
- Monitor for unexpected Redis write commands (such as SET and DEL) that modify key-value pairs from unauthenticated sessions, particularly on Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent deployments.
- Track Cisco Bug IDs CSCvf08748 and CSCvk64527 for patch status; unpatched Cisco Policy Suite Diameter Routing Agent instances remain exposed with no available software fix.
- The Redis server used by Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent is configured without proper authentication, allowing unauthenticated remote access.
- No software fix is available for Cisco Policy Suite Diameter Routing Agent; only a mitigation (not a full workaround) exists, leaving deployments persistently at risk.
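The two monitoring items above, written as detection logic. This is an added example, not taken from the indexed sources or from Cisco's advisory; it assumes a network sensor that emits one decoded Redis command per line in the constructed format shown, and the trusted subnet, addresses and severity labels are hypothetical.

```python
import ipaddress

# Assumption: the only subnet whose hosts are expected to talk to Redis.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
REDIS_PORT = 6379
# Redis commands that create, change or remove keys (not exhaustive).
WRITE_CMDS = {"SET", "SETEX", "DEL", "EXPIRE", "HSET", "FLUSHDB", "FLUSHALL"}

# Constructed sample: "<time> <src_ip>:<src_port> <dst_ip>:<dst_port> <CMD> [args]"
SAMPLE_LOG = """\
12:00:01 10.20.0.5:40112 10.20.0.9:6379 AUTH ********
12:00:01 10.20.0.5:40112 10.20.0.9:6379 SET session:a1 v1
12:00:07 192.0.2.44:51820 10.20.0.9:6379 KEYS *
12:00:08 192.0.2.44:51820 10.20.0.9:6379 DEL session:a1
12:00:09 10.20.0.7:40990 10.20.0.9:6379 GET session:a1
12:00:10 10.20.0.7:40990 10.20.0.9:6379 SET session:b2 v2
12:00:11 10.20.0.5:40113 10.20.0.9:8080 SET not-redis x
"""

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_alerts(log_text):
    """Flag commands on sessions that never sent AUTH: any write, plus any command from an untrusted source."""
    authed = set()  # sessions that sent AUTH (assumed successful; replies are not in the log)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, src, dst, cmd = parts[0], parts[1], parts[2], parts[3].upper()
        src_ip = src.rsplit(":", 1)[0]
        if int(dst.rsplit(":", 1)[1]) != REDIS_PORT:
            continue
        session = (src, dst)
        if cmd == "AUTH":
            authed.add(session)
            continue
        if session in authed:
            continue
        external = not is_trusted(src_ip)
        if cmd in WRITE_CMDS:
            severity = "high" if external else "medium"
            alerts.append((ts, src_ip, cmd, severity, "unauthenticated write"))
        elif external:
            alerts.append((ts, src_ip, cmd, "medium", "unauthenticated external access"))
    return alerts
```

Unauthenticated writes from inside the trusted subnet are still reported, at lower severity, because the advisory's root cause is the missing authentication itself rather than the source of the connection.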
CVSS provenance
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco · 7.3 HIGH
Cisco
Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability
vendor_cisco · 2019-01-09 · CVSS 7.3 · CVE-2018-0181 [HIGH] CWE-306
Cisco has released software
GHSA
GHSA-cqvm-v5m7-9v85
ghsa_unreviewed · 2022-05-13 · CVE-2018-0181 [CRITICAL] CWE-306
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-01-10