CVE-2018-0181

Name of the Vulnerable Software and Affected Versions Cisco Policy Suite versions (affected versions not specified) Cisco Policy Suite Diameter Routing Agent versions (affected versions not specified)

Description The issue is related to improper authentication when accessing the Redis server, which could allow an unauthenticated, remote attacker to modify key-value pairs stored within the Redis server database. This could enable the attacker to reduce the efficiency of the software.

Recommendations For Cisco Policy Suite, update the software to a version that properly authenticates access to the Redis server. For Cisco Policy Suite Diameter Routing Agent, update the software to a version that properly authenticates access to the Redis server. As a temporary workaround, consider restricting access to the Redis server to minimize the risk of exploitation.