Cisco Policy Suite vulnerabilities

CVE-2021-40119 [CRITICAL] CWE-321 CVE-2021-40119: A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an u A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under t

CVE-2018-0377 [CRITICAL] CWE-306 CVE-2018-0377: A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An expl

CVE-2018-0375 [CRITICAL] CWE-798 CVE-2018-0375: A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenti A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploi

CVE-2018-0376 [CRITICAL] CWE-306 CVE-2018-0376: A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an u A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the

CVE-2018-0089 [HIGH] CWE-264 CVE-2018-0089: A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) cou A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulner

CVE-2017-6781 [MEDIUM] CWE-287 CVE-2017-6781: A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for C A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user ac

CVE-2017-6623 [HIGH] CWE-264 CVE-2017-6623: A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authent