CVE-2018-0089

Name of the Vulnerable Software and Affected Versions: Cisco Policy Suite (CPS) (affected versions not specified)

Description: A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks, but would also need access to the internal VLAN where CPS is deployed. The issue is due to incorrect permissions of certain system files and insufficient protection of sensitive data at rest. An attacker could exploit this by using certain tools on the internal network interface to request and view system files, potentially revealing sensitive application information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.