VYPR

Policy Suite

by Cisco Systems, Inc.

CVEs (15)

  • CVE-2018-0377 | Cri | Jul 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit…

  • CVE-2018-0376 | Cri | Jul 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by…

  • CVE-2018-0375 | Cri | Jul 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of…

  • CVE-2018-0374 | Cri | Jul 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this…

  • CVE-2017-6623 | Hig | May 18, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers…

  • CVE-2018-0089 | Hig | Jan 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would…

  • CVE-2018-0116 | Hig | Feb 8, 2018
    risk 0.47 | cvss 7.2 | epss 0.01

    A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to…

  • CVE-2018-0393 | Med | Jul 18, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker…

  • CVE-2018-0392 | Med | Jul 18, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by…

  • CVE-2018-0134 | Med | Feb 8, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different…

  • CVE-2016-1357 | Med | Mar 3, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.

  • CVE-2017-6781 | Med | Aug 17, 2017
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The…

  • CVE-2021-40119 | Nov 4, 2021
    risk 0.01 | cvss | epss 0.02

    A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker…

  • CVE-2018-15466 | Jan 11, 2019
    risk 0.00 | cvss | epss 0.02

    A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS…

  • CVE-2018-0181 | Jan 10, 2019
    risk 0.00 | cvss | epss 0.02

    A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The…