CVE-2018-0376
published 2018-07-18


Priority: P263 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.73% (84.2th percentile)

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | mobility_services_engine | | |
| cisco | policy_suite | < 18.2.0 | 18.2.0 |
| cisco | policy_suite_policy_builder_unauthenticated_access | | |

Detection & IOCs (extracted from sources)

  • The vulnerability allows unauthenticated remote access to the Cisco Policy Suite Policy Builder interface — detect unauthenticated HTTP/HTTPS connections to the Policy Builder interface from external/untrusted sources
  • Monitor for unauthorized repository creation or modification events within Cisco Policy Suite, which would indicate successful exploitation of CVE-2018-0376
  • Cisco internal bug ID CSCvi35109 can be used to cross-reference vendor advisories and patch status for this vulnerability
  • There are no workarounds available for CVE-2018-0376; the only remediation is upgrading to Cisco Policy Suite Release 18.2.0 or later
  • The vulnerability is due to a complete lack of authentication on the Policy Builder interface, meaning no credentials are required for exploitation; network-level access controls (firewall rules restricting access to the Policy Builder interface) are critical compensating controls

CVSS provenance

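| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | | 9.8 | CRITICAL | |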