PT-2019-1371 · Cisco · Cisco Policy Suite

Published

2019-01-09

Updated

2019-10-09

CVE-2018-15466

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Policy Suite for Mobile (affected versions not specified)

Description The issue is related to insufficient access control in the Graphite web interface of the Cisco Policy Suite, which could allow a remote attacker to access protected data. The attacker must have access to the internal VLAN where the Cisco Policy Suite is deployed. The vulnerability is due to a lack of authentication, allowing an attacker to directly connect to the Graphite web interface and access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-284

Related Identifiers

BDU:2019-00732

CVE-2018-15466

Affected Products

Cisco Policy Suite

PT-2019-1371 · Cisco · Cisco Policy Suite

CVE-2018-15466

Weakness Enumeration

Related Identifiers

Affected Products

References · 5