Sign-up

ID

VAR-201802-0610


CVE

CVE-2018-0116


TITLE

Cisco Policy Suite Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002143

DESCRIPTION

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124. Vendors have confirmed this vulnerability Bug ID CSCvg40124 It is released as.Information may be obtained and information may be altered. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. RADIUS authentication module is one of the RADIUS protocol authentication modules

Trust: 1.98

sources: NVD: CVE-2018-0116 // JVNDB: JVNDB-2018-002143 // BID: 102968 // VULHUB: VHN-118318

AFFECTED PRODUCTS

vendor:ciscomodel:mobility services enginescope:eqversion:14.0.0

Trust: 1.6

vendor:ciscomodel:mobility services enginescope:eqversion:13.1.0

Trust: 1.6

vendor:ciscomodel:mobility services enginescope:eqversion:13.0.0

Trust: 1.6

vendor:ciscomodel:policy suitescope: - version: -

Trust: 0.8

vendor:ciscomodel:policy suitescope:eqversion:13.0

Trust: 0.3

vendor:ciscomodel:policy suitescope:eqversion:12.1

Trust: 0.3

vendor:ciscomodel:policy suitescope:eqversion:12.0

Trust: 0.3

vendor:ciscomodel:policy suitescope:eqversion:13.1.0

Trust: 0.3

vendor:ciscomodel:policy suite hotfix patchscope:neversion:13.1.0

Trust: 0.3

sources: BID: 102968 // JVNDB: JVNDB-2018-002143 // CNNVD: CNNVD-201802-279 // NVD: CVE-2018-0116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0116
value: HIGH

Trust: 1.0

NVD: CVE-2018-0116
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-279
value: HIGH

Trust: 0.6

VULHUB: VHN-118318
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0116
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118318
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0116
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118318 // JVNDB: JVNDB-2018-002143 // CNNVD: CNNVD-201802-279 // NVD: CVE-2018-0116

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-118318 // JVNDB: JVNDB-2018-002143 // NVD: CVE-2018-0116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-279

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201802-279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002143

PATCH
title:cisco-sa-20180207-cpsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps
Trust: 0.8
title:Cisco Policy Suite RADIUS authentication Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78390
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-002143 // 
            
            
            
            CNNVD: CNNVD-201802-279

EXTERNAL IDS
db:NVDid:CVE-2018-0116
Trust: 2.8
db:BIDid:102968
Trust: 2.0
db:JVNDBid:JVNDB-2018-002143
Trust: 0.8
db:CNNVDid:CNNVD-201802-279
Trust: 0.7
db:VULHUBid:VHN-118318
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118318 // 
            
            
            
            BID: 102968 // 
            
            
            
            JVNDB: JVNDB-2018-002143 // 
            
            
            
            CNNVD: CNNVD-201802-279 // 
            
            
            
            NVD: CVE-2018-0116

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-cps
Trust: 2.0
url:http://www.securityfocus.com/bid/102968
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0116
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0116
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118318 // 
            
            
            
            BID: 102968 // 
            
            
            
            JVNDB: JVNDB-2018-002143 // 
            
            
            
            CNNVD: CNNVD-201802-279 // 
            
            
            
            NVD: CVE-2018-0116

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102968

SOURCES
db:VULHUBid:VHN-118318
db:BIDid:102968
db:JVNDBid:JVNDB-2018-002143
db:CNNVDid:CNNVD-201802-279
db:NVDid:CVE-2018-0116

LAST UPDATE DATE
2024-11-23T22:48:47.021000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118318date:2019-10-09T00:00:00
db:BIDid:102968date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002143date:2018-03-26T00:00:00
db:CNNVDid:CNNVD-201802-279date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0116date:2024-11-21T03:37:33.250

SOURCES RELEASE DATE
db:VULHUBid:VHN-118318date:2018-02-08T00:00:00
db:BIDid:102968date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002143date:2018-03-26T00:00:00
db:CNNVDid:CNNVD-201802-279date:2018-02-09T00:00:00
db:NVDid:CVE-2018-0116date:2018-02-08T07:29:00.257