CVE-2018-0377

CWE-306 — Missing Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

9.0%

top 7.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Policy Suite Cisco Mobility Services Engine

Timeline

PublishedJul 18

Latest updateMay 13

Description

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/policy_suite< 18.1.0

▶CVEListV5cisco_policy_suite_unknownCisco Policy Suite unknown

▶NVDcisco/mobility_services_engine14.0.0

🔴Vulnerability Details

GHSA

GHSA-j6q6-97rg-2x8h: A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18↗2022-05-13

▶

CVEList

CVE-2018-0377: A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18↗2018-07-18

▶

📋Vendor Advisories

Cisco

Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability↗2018-07-18

▶