// For flags

CVE-2018-0377

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

Una vulnerabilidad en la la interfaz Open Systems Gateway initiative (OSGi) de Cisco Policy Suite en versiones anteriores a la 18.1.0 podría permitir que un atacante remoto no autenticado se conecte directamente a la interfaz OSGi. Esta vulnerabilidad se debe a la ausencia de autenticación. Un atacante podría explotar esta vulnerabilidad conectándose directamente a la interfaz OSGi. Su explotación con éxito podría permitir que el atacante acceda o cambie cualquier archivo accesible por el proceso OSGi. Cisco Bug IDs: CSCvh18017.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-07-18 CVE Published
  • 2023-12-09 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Mobility Services Engine
Search vendor "Cisco" for product "Mobility Services Engine"
 14.0.0
Search vendor "Cisco" for product "Mobility Services Engine" and version "14.0.0"
-
Affected
Cisco
Search vendor "Cisco"
 Policy Suite
Search vendor "Cisco" for product "Policy Suite"
 < 18.1.0
Search vendor "Cisco" for product "Policy Suite" and version " < 18.1.0"
-
Affected