Main Vulnerability Database Vulnerabilities #VU13948

#VU13948 Use of hard-coded credentials in Policy Suite - CVE-2018-0375

Published: July 20, 2018 / Updated: July 23, 2018

Vulnerability identifier: #VU13948

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-0375

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Policy Suite

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists in the Cluster Manager of Cisco Policy Suite due to the presence of undocumented, static user credentials for the root account. A remote attacker can use the account to log in to the system execute arbitrary commands with root privileges.

Remediation

Update to version 18.1.0, 18.2.0.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-de...

#VU13948 Use of hard-coded credentials in Policy Suite - CVE-2018-0375

Description

Remediation

External links

Please verify you're human