CVE-2018-0377

EPSS 9.45%
Veröffentlicht 18.07.2018 23:29:00
Zuletzt bearbeitet 21.11.2024 03:38:05
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Mobility Services Engine Version14.0.0

Cisco ≫ Policy Suite Version < 18.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.45%	0.92

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.securityfocus.com/bid/104850

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0377

EUVD