CVE-2018-0393

Опубликовано: 18 июл. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.

Ссылки

http://www.securityfocus.com/bid/104867
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change
Vendor Advisory
http://www.securityfocus.com/bid/104867
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:18.0.0:*:*:*:*:*:*:*

cpe:2.3:h:cisco:mobility_services_engine_3365:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:18.0.0:*:*:*:*:*:*:*

cpe:2.3:h:cisco:mobility_services_engine_3355:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:18.0.0:*:*:*:*:*:*:*

cpe:2.3:h:cisco:mobility_services_engine_3310:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00127

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2w84-9xxr-7qr9

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 32%

0.00127

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

NVD-CWE-noinfo