CVE-2018-0377

EPSS 9.45%
Published 18.07.2018 23:29:00
Last modified 21.11.2024 03:38:05
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Mobility Services Engine Version14.0.0

Cisco ≫ Policy Suite Version < 18.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.45%	0.92

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.securityfocus.com/bid/104850

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0377

EUVD