Skip to main content

Policy Suite

7 CVEs product

Monthly

CVE-2021-40119 CRITICAL Act Now

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Policy Suite
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2018-0377 CRITICAL Act Now

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0376 CRITICAL Act Now

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0375 CRITICAL Act Now

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0089 HIGH This Week

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cisco Policy Suite
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-6781 MEDIUM This Month

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Policy Suite
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-6623 HIGH This Week

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Policy Suite
NVD
CVSS 3.0
7.8
EPSS
0.0%
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Policy Suite
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cisco +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Policy Suite
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Policy Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy