CVE-2018-0468

Name of the Vulnerable Software and Affected Versions Cisco Energy Management Suite (affected versions not specified)

Description The issue is related to the configuration of a local database in the Cisco Energy Management Suite, specifically due to the use of default access credentials for the PostgreSQL database. This could allow an authenticated, local attacker to access and modify confidential data by logging in to the machine where the suite is installed and establishing a local connection to the database.

Recommendations For existing installations, manually change the database access password as documented in the Workarounds section of the advisory. For new installations, ensure the fix that randomizes the database access password is applied. As a temporary workaround, consider restricting access to the PostgreSQL database to minimize the risk of exploitation.