cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-40119,https://securityvulnerability.io/vulnerability/CVE-2021-40119,Cisco Policy Suite Static SSH Keys Vulnerability,"A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.",Cisco,Cisco Policy Suite (cps) Software,9.8,CRITICAL,0.006940000224858522,false,,false,false,true,2024-08-04T03:16:55.000Z,,false,false,,2021-11-04T16:15:00.000Z,0
CVE-2018-15466,https://securityvulnerability.io/vulnerability/CVE-2018-15466,Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability,"A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.",Cisco,Cisco Policy Suite (cps) Software,5.3,MEDIUM,0.0007200000109151006,false,,false,false,true,2024-08-05T10:17:53.000Z,,false,false,,2019-01-11T15:29:00.000Z,0
CVE-2018-0181,https://securityvulnerability.io/vulnerability/CVE-2018-0181,Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability,"A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.",Cisco,Cisco Policy Suite (cps) Software,7.3,HIGH,0.003000000026077032,false,,false,false,true,2024-08-05T04:15:13.000Z,,false,false,,2019-01-10T00:29:00.000Z,0
CVE-2018-0377,https://securityvulnerability.io/vulnerability/CVE-2018-0377,,"A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.",Cisco,Cisco Policy Suite Unknown,9.8,CRITICAL,0.003000000026077032,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0376,https://securityvulnerability.io/vulnerability/CVE-2018-0376,,"A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.",Cisco,Cisco Policy Suite Unknown,9.8,CRITICAL,0.003000000026077032,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0392,https://securityvulnerability.io/vulnerability/CVE-2018-0392,,"A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.",Cisco,Cisco Policy Suite Unknown,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0375,https://securityvulnerability.io/vulnerability/CVE-2018-0375,,"A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680.",Cisco,Cisco Policy Suite Unknown,9.8,CRITICAL,0.00203999993391335,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0374,https://securityvulnerability.io/vulnerability/CVE-2018-0374,,"A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134.",Cisco,Cisco Policy Suite Unknown,9.8,CRITICAL,0.003000000026077032,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0393,https://securityvulnerability.io/vulnerability/CVE-2018-0393,,"A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.",Cisco,Cisco Policy Suite Unknown,6.5,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0116,https://securityvulnerability.io/vulnerability/CVE-2018-0116,,"A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124.",Cisco,Cisco Policy Suite,7.2,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2018-02-08T07:00:00.000Z,0
CVE-2018-0134,https://securityvulnerability.io/vulnerability/CVE-2018-0134,,"A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830.",Cisco,Cisco Policy Suite,5.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-02-08T07:00:00.000Z,0
CVE-2018-0089,https://securityvulnerability.io/vulnerability/CVE-2018-0089,,"A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.",Cisco,Cisco Policy Suite,7.5,HIGH,0.0015999999595806003,false,,false,false,false,,,false,false,,2018-01-18T06:00:00.000Z,0
CVE-2017-6623,https://securityvulnerability.io/vulnerability/CVE-2017-6623,,"A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366.",Cisco,Cisco Policy Suite,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-05-18T19:00:00.000Z,0
CVE-2016-1357,https://securityvulnerability.io/vulnerability/CVE-2016-1357,,"The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.",Cisco,Cisco Policy Suite,5.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2016-03-03T22:00:00.000Z,0