BID:104850

Cisco Policy Suite OSGi Interface CVE-2018-0377 Authentication Bypass Vulnerability

CVE-2018-377 |

Info

Cisco Policy Suite OSGi Interface CVE-2018-0377 Authentication Bypass Vulnerability

Bugtraq ID:	104850
Class:	Design Error
CVE:	CVE-2018-0377
Remote:	Yes
Local:	No
Published:	Jul 18 2018 12:00AM
Updated:	Jul 18 2018 12:00AM
Credit:	Cisco
Vulnerable:	Cisco Policy Suite (CPS) 18.0 Cisco Policy Suite (CPS) 13.0 Cisco Policy Suite (CPS) 12.1 Cisco Policy Suite (CPS) 12.0 Cisco Policy Suite (CPS) 11.1 Cisco Policy Suite (CPS) 11.0 Cisco Policy Suite (CPS) 10.1 Cisco Policy Suite (CPS) 13.1.0 Cisco Policy Suite (CPS) 10.0 Cisco Policy Suite (CPS) 0 Cisco Policy Suite 7.5 Cisco Policy Suite 7.0.2 Cisco Policy Suite 7.0.1.3 Cisco Mobility Services Engine 0

Not Vulnerable:	Cisco Policy Suite (CPS) 18.1

Discussion

Cisco Policy Suite OSGi Interface CVE-2018-0377 Authentication Bypass Vulnerability

Cisco Policy Suite is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks.

This issue is being tracked by Cisco bug CSCvh18017.

Versions prior to Cisco Policy Suite (CPS) 18.1.0 are vulnerable.

Exploit / POC

Cisco Policy Suite OSGi Interface CVE-2018-0377 Authentication Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Cisco Policy Suite OSGi Interface CVE-2018-0377 Authentication Bypass Vulnerability

References:

Cisco Homepage (Cisco )
Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability (Cisco)