← back
CVE-2018-0393

CVE-2018-0393

EPSS 0.9%CWE-285
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Jul 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.
Affected products
n/a · Cisco Policy Suite unknown

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-changehttp://www.securityfocus.com/bid/104867