cbcvebase.
CVE-2018-0374
published 2018-07-18

CVE-2018-0374: A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the…

PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.73%
84.2th percentile
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscomobility_services_engine
ciscopolicy_suite_policy_builder_database_unauthenticated_access

Detection & IOCsextracted from sources · hover to see the quote

  • Detect unauthenticated direct connections to the Cisco Policy Suite Policy Builder database — no credentials will be presented in the connection attempt
  • Monitor for unauthorized read or write activity against the Policy Builder database, particularly from external/untrusted source IPs with no prior authentication exchange
  • Flag any remote connection to the Policy Builder database that lacks an authentication handshake — the root cause is a complete absence of authentication on the database listener
  • ·Vulnerability only exists in Cisco Policy Suite versions prior to 18.2.0; systems already upgraded to 18.2.0 or later are not affected
  • ·There are no workarounds available for CVE-2018-0374; patching to 18.2.0 is the only remediation

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.