—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability

Advisory ID: cisco-sa-20180718-policy-unauth-access

Revision: 1.0

For Public Release: 2018 July 18 16:00 GMT

Last Updated: 2018 July 18 16:00 GMT

CVE ID(s): CVE-2018-0374

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbT2bIXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczdA0QAKLwNTUlGaytyyhWXSMKRjQphEeu
oHlxBvPr4507/PkUqFyM/rd5bcS/Sh5LvctoVa+lX3r0FZHDMS2XyiCNYWQESN5t
SX4RiylCcMrVbcaCkDGXoq2F59F5m8FX25ZJ21Y52+abElxf0cHCyBo+bEZfCaDM
McCtHUabxey4jCe3HGBhRdnoEMvt0SLO04jOcgW3ZGAEa9aAj8fWHCb/HWAfdwZm
CB3xGejkQYiFc8JD6JI0GUkFpkQczKwAUhartf1h/EMvsTJP65A8pUyyWE54Ojlb
1ydsWLm4VWKjA3cwRTCCwwhv9ferPrtBSBpgQyG5D+yRrW/VMX6AXfD/XHA6t/oV
6jzWojJjEir9wRLKqG1iLdBidUHyNUv9AQY1+jdYZvTT55T55t/B7HSAdCL23HGN
4DNtk4nQa+YjWU0bMBLjEnqxKo/4nLEJjj6y1TlELBORk7YDk2j3lZuEzJXkb+M/
pvRHWlo/csPMzs20lNUzlOLLjSGkWfSOLtnuG0pSngG20bj+AF2g6S5VmEetXjAv
95kAQ7CncJBUCn1Eu0X3TKIvkQyb67/RgTekDJ+LxJXH/u9LSvbbxILYXyrq9nkn
uIIVon8+attnqsoMU0+DFhIrFOMMCdo/MXKaJCxDEFORn6Z7z+pbMXbKc/LoopAq
ag/wJlHemwD/YQRh
=+paR
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com