SB2018020805 - Multiple vulnerabilities in Cisco Policy Suite

Description

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2018-0134)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the RADIUS authentication module of Cisco Policy Suite due to the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. A remote attacker can use these messages to determine whether a valid subscriber username has been identified and conduct subsequent attacks against the system.

2) Authentication bypass (CVE-ID: CVE-2018-0116)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempt to access a Cisco Policy Suite domain configured with RADIUS authentication and be authorized as a subscriber without providing a valid password.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps