Main Vulnerability Database Vulnerabilities #VU13948

Use of hard-coded credentials in Policy Suite - CVE-2018-0375

Published: July 20, 2018 / Updated: July 23, 2018

Vulnerability identifier: #VU13948

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-0375

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Policy Suite

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists in the Cluster Manager of Cisco Policy Suite due to the presence of undocumented, static user credentials for the root account. A remote attacker can use the account to log in to the system execute arbitrary commands with root privileges.

How to mitigate CVE-2018-0375

Update to version 18.1.0, 18.2.0.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-de...

Use of hard-coded credentials in Policy Suite - CVE-2018-0375

Detailed vulnerability description

How to mitigate CVE-2018-0375

Sources

Please verify you're human