CVE-2018-0375
Published 2018-07-18
Priority P270 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.79% (88.6th percentile)
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | mobility_services_engine | — | — |
| cisco | policy_suite | < 18.2.0 | 18.2.0 |
| cisco | policy_suite_cluster_manager_default_password | — | — |
Detection & IOCs
- The Cluster Manager component of Cisco Policy Suite uses a static, default password for the root account — detect successful or attempted root logins to Cluster Manager nodes from unexpected sources
- Alert on execution of arbitrary commands as root on Cisco Policy Suite Cluster Manager nodes, which may indicate successful exploitation of the default credential vulnerability
- Presence of the workaround script change_passwd.sh on a Cisco Policy Suite system indicates the default root credential has not yet been changed via the official patch path; its absence on unpatched systems is a risk indicator
- The default static root credentials are undocumented; no public disclosure of the actual credential value appears in the sources — detection must rely on behavioral indicators (unexpected root logins) rather than credential-string matching
- The vulnerability affects all Cisco Policy Suite releases prior to 18.2.0; systems not yet upgraded to 18.2.0 remain exposed
- Cisco states there are no workarounds that fully address this vulnerability; the change_passwd.sh script is a partial mitigation only
CVSS provenance
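| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.8 | CRITICAL | — |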
Cisco
Cisco Policy Suite Cluster Manager Default Password Vulnerability
vendor_cisco·2018-07-18·CVSS 9.8
CVE-2018-0375 [CRITICAL] CWE-798 Cisco Policy Suite Cluster Manager Default Password Vulnerability
A vulnerability in the Cluster Manager of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.
The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cis
CVSS: 3.0
CWE: CWE-798
Bug IDs: CSCvh02680
GHSA
GHSA-xrfp-387h-5473: A vulnerability in the Cluster Manager of Cisco Policy Suite before 18
ghsa_unreviewed·2022-05-13
No detection rules found.
No public exploits indexed.
Tenable
Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
blogs_tenable·2018-07-21
# Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
Paul Davis
July 21, 2018
Cisco’s Policy Suite for Mobile controls billing and access control for customer devices. Root access to this suite is concerning because of the breadth of user device access.
The latest batch of Cisco patches includes fixes for four critical vulnerabilities related to unauthenticated access and default credentials in the Cisco Policy Suite for the Cisco Mobility Services Engine. All four were discovered by internal security testing. In addition, nine high-severity vulnerabilities and 12 medium ones were patched in a variety of other Cisco platforms.
### Analysis
Two of the vulnerabilities (CVE-2018-0376 and CVE-2018-0374) give unaut
- http://www.securityfocus.com/bid/104852
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd
Published: 2018-07-18