Several critical Cisco Policy Suite vulnerabilities have been released.  The vulnerabilities are related to unauthenticated access.

  • Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to access the Policy Builder interface.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories.

Read more: Cisco Advisory

  • Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process.

Read more: Cisco Advisory

  • Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database.

Read more: Cisco Advisory

  • Cisco Policy Suite Cluster Manager Default Password Vulnerability

A vulnerability in the Cluster Manager of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.

The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Read more: Cisco Advisory

 

OUR SECURITY SERVICES INCLUDE:

FNS1 THREATcheck

 Register for your FREE Threat Check today: https://fns1.com/threatcheck/
Advertisements