CVE-2018-0393
N/A
N/A
Summary
A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Cisco Policy Suite unknown | Cisco Policy Suite unknown | affected |
Weaknesses
- CWE-285: CWE-285
ADP Enrichment
CVE Program Container
Additional References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change
- http://www.securityfocus.com/bid/104867
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change
- http://www.securityfocus.com/bid/104867
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.