CVE-2018-0376
published 2018-07-18CVE-2018-0376: A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy…
PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.73%
84.2th percentile
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | mobility_services_engine | — | — |
| cisco | policy_suite | < 18.2.0 | 18.2.0 |
| cisco | policy_suite_policy_builder_unauthenticated_access | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability allows unauthenticated remote access to the Cisco Policy Suite Policy Builder interface — detect unauthenticated HTTP/HTTPS connections to the Policy Builder interface from external/untrusted sources ↗
- →Monitor for unauthorized repository creation or modification events within Cisco Policy Suite, which would indicate successful exploitation of CVE-2018-0376 ↗
- →Cisco internal bug ID CSCvi35109 can be used to cross-reference vendor advisories and patch status for this vulnerability ↗
- ·There are no workarounds available for CVE-2018-0376; the only remediation is upgrading to Cisco Policy Suite Release 18.2.0 or later ↗
- ·The vulnerability is due to a complete lack of authentication on the Policy Builder interface, meaning no credentials are required for exploitation — network-level access controls (firewall rules restricting access to the Policy Builder interface) are critical compensating controls ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
vendor_cisco·2018-07-18·CVSS 9.8
CVE-2018-0376 [CRITICAL] CWE-306 Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to access the Policy Builder interface.
The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access
Cisco
Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0376 Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
CVE-2018-0376: Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-306, CWE-306
Bug IDs: CSCvi35109
GHSA
GHSA-j2gf-mw9g-vj44: A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18
ghsa_unreviewed·2022-05-13
CVE-2018-0376 [CRITICAL] CWE-306 GHSA-j2gf-mw9g-vj44: A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.
No detection rules found.
No public exploits indexed.
Tenable
Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
blogs_tenable·2018-07-21
Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
blogs_tenable·2018-07-21·CVSS 9.8
[CRITICAL] Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
Blog / Cyber Exposure Alerts
Subscribe
# Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
Paul Davis
July 21, 2018
2 Min Read
Cisco’s Policy Suite for Mobile controls billing and access control for customer devices. Root access to this suite is concerning because of the breadth of user device access.
The latest batch of Cisco patches includes fixes for four critical vulnerabilities related to unauthenticated access and default credentials in the Cisco Policy Suite for the Cisco Mobility Services Engine. All four were discovered by internal security testing. In addition, nine high-severity vulnerabilities and 12 medium ones were patched in a variety of other Cisco platforms.
### Analysis
Two of the vulnerabilities (CVE-2018-0376 and CVE-2018-0374) give unaut
2018-07-18
Published