Cisco Mobility Services Engine vulnerabilities

CVE-2018-0377 [CRITICAL] CWE-306 CVE-2018-0377: A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An expl

CVE-2018-0374 [CRITICAL] CWE-306 CVE-2018-0374: A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an un A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful e

CVE-2018-0375 [CRITICAL] CWE-798 CVE-2018-0375: A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenti A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploi

CVE-2018-0376 [CRITICAL] CWE-306 CVE-2018-0376: A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an u A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the

CVE-2018-0116 [HIGH] CWE-287 CVE-2018-0116: A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthentic A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnera

CVE-2018-0134 [MEDIUM] CWE-200 CVE-2018-0134: A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthentic A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker

CVE-2016-9197 [MEDIUM] CWE-264 CVE-2016-9197: A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireles A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).

CVE-2015-4282 [MEDIUM] CWE-264 CVE-2015-4282: Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.

CVE-2015-6316 [MEDIUM] CWE-255 CVE-2015-6316: The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 a The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.

CVE-2015-4263 [MEDIUM] CWE-200 CVE-2015-4263: The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.

CVE-2015-0673 [MEDIUM] CWE-200 CVE-2015-0673: Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the pa Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.