CVE-2018-0375

Name of the Vulnerable Software and Affected Versions Cisco Policy Suite versions prior to 18.2.0

Description A vulnerability in the Cluster Manager of Cisco Policy Suite is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system, allowing them to execute arbitrary commands as the root user. The vulnerability could be exploited by an unauthenticated, remote attacker.

Recommendations For versions prior to 18.2.0, update to version 18.2.0 or later to resolve the issue. As a temporary workaround, consider changing the default, static user credentials for the root account to prevent unauthorized access. Restrict access to the Cluster Manager component to minimize the risk of exploitation.