SB2018072011 - Multiple vulnerabilities in Cisco Policy Suite

Security Bulletin ID SB2018072011

CSH Severity

High

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2018-0392)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient access control permissions. A local attacker can log in to the CLI and access potentially sensitive files that are owned by a different user.

2) Improper authorization (CVE-ID: CVE-2018-0393)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote authenticated attacker to make policy changes in the Policy Builder interface.

The vulnerability exists in the Policy Builder interface of Cisco Policy Suite due to insufficient authorization controls. A remote attacker can access the Policy Builder interface, modify an HTTP request and make changes to existing policies.

3) Authentication bypass (CVE-ID: CVE-2018-0376)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists in the Policy Builder interface of Cisco Policy Suite due to lack of authentication. A remote attacker can bypass authentication, access the Policy Builder interface and make changes to existing repositories and create new repositories.

4) Authentication bypass (CVE-ID: CVE-2018-0377)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite due to lack of authentication. A remote attacker can bypass authentication, directly connect to the OSGi interface to access or change any files that are accessible by the OSGi process.

5) Authentication bypass (CVE-ID: CVE-2018-0374)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists in the Policy Builder database of Cisco Policy Suite due to lack of authentication. A remote attacker can bypass authentication, directly connect to the to the Policy Builder database to access and change any data in the Policy Builder database.

6) Use of hard-coded credentials (CVE-ID: CVE-2018-0375)

CWE-ID: CWE-798 - Use of Hard-coded Credentials

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists in the Cluster Manager of Cisco Policy Suite due to the presence of undocumented, static user credentials for the root account. A remote attacker can use the account to log in to the system execute arbitrary commands with root privileges.

Remediation

Install update from vendor's website.

SB2018072011 - Multiple vulnerabilities in Cisco Policy Suite

Breakdown by Severity

Description

Remediation

References

Please verify you're human