CVE-2018-0116

Name of the Vulnerable Software and Affected Versions: Cisco Policy Suite versions prior to 13.1.0 with Hotfix Patch 1 Cisco Policy Suite version 14.0.0

Description: A vulnerability in the RADIUS authentication module could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password, as long as a valid username is provided. This issue is due to incorrect RADIUS user credential validation. An attacker could exploit this by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication, potentially allowing them to be authorized without a valid password.

Recommendations: For versions prior to 13.1.0, apply Hotfix Patch 1 to resolve the issue. For version 14.0.0, consider disabling RADIUS authentication as a temporary workaround, since it is not officially supported in this release.