10

CVE-2018-0375

EPSS 1.9%
Published 18.07.2018 23:29:00
Last modified 21.11.2024 03:38:05
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Mobility Services Engine Version14.0.0

Cisco ≫ Policy Suite Version < 18.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.9%	0.825

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.securityfocus.com/bid/104852

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0375

EUVD