Cisco has released more fixes for a range of critical and high severity vulnerabilities found in several groups of products – Policy Suite, SD-WAN, and Nexus. Let’s have a closer look at the Policy Suite flaws.
Vulnerabilities in Cisco Policy Suite
The company has just released a security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks, account compromise, database tampering, among other malicious outcomes.
The CVE-2018-0374 vulnerability is located in the Policy Builder database of Cisco Policy Suite, and could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. As explained in the advisory, the vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database.
The flaw has been given a CVSS base score of 9.8. Described as an unauthenticated bypass bug, the bug can lead to data tampering in the Policy Builder database.
The CVE-2018-0375 flaw is discovered in the Cluster Manager of the Suite and could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials, and to execute arbitrary commands as the root user, the advisory explains.
The official description of CVE-2018-0376: A vulnerability (CVE-2018-0376) in the Policy Builder interface of the Suite that could be exploited by an unauthenticated, remote attacker to access the Policy Builder interface and to make changes to existing repositories and create new repositories.
The CVE-2018-0377 flaw is located in the Open Systems Gateway initiative (OSGi) interface of the Suite, and could be exploited by an unauthenticated, remote attacker to access or change any files that are accessible by the OSGi process.
Fortunately, these flaws were found during internal security testing, and Cisco says there have been no public announcements or malicious use of any of these vulnerabilities.