—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability
Advisory ID: cisco-sa-20180718-ps-osgi-unauth-access
Revision: 1.0
For Public Release: 2018 July 18 16:00 GMT
Last Updated: 2018 July 18 16:00 GMT
CVE ID(s): CVE-2018-0377
CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.
The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbT2bQXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczKlQQAJ0jce3z5i0P2BZDSazlTvZxxBu6
JuCD0AiKhQV6s5BjzNbW1JCfvUbo90RCD8Ox3sBXLDRhAi8nq81OH+jY2VLvtQ//
Kx7B3tySuUSGPBB9YLZY6IfdUbqIccgSYJwXmHyxzEmeC8PSreKJ9cuD84nyl00X
jourZC/DCeCtPeeBp1BRFsrEcLrP+gz+Ixol7zl5UOciiKpPEqVH1stRaepbVwwN
eS2bS7JCuIxjE6581hxYNHrhF0v+4yRICtLmwQP3Q2TXm6B2lb+MTCGgl7uHmZJ/
YOUtYCOk0MdptLS3GGNxvB32kykpgxtA6uc+PjXyZrMSOw0xXcmDbSxLdjL/xHCN
i4doOBtKrw3jM/jgA57D6VNejAwPYDZN63jML9uH34eUCLaI8nmWNUkLkMWacbsF
04qhOv82k964ZPy5nbju4lpq9QqOt09WKzyRNPg5ryIOR9zwWJu5mk/RV+HKTmx2
lAj7BJnbxGXaMDL9ftd+OZl44XzJTRQUP68Eb+ZsaKHb5DcPEUOBlwOV/QWaziuM
3gITK81Ufd7e5J0+Guc43T7rFdJthSALGbJTkITMQmEX4TFLpdk1M+0eEg18b/PM
04msEjqpZW405RcNNneg5nvfhj+xcVBss3aOgwV12r/wxWLKD6ONatU8Dcwcsjuq
no6hkl7Yp1OIWXPj
=tO7j
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com