This week, Cisco announced it has patched four vulnerabilities in its Policy Suite that had put users at risk of database tampering, information leaks, account compromise, and more. The first vulnerability, CVE-2018-0374, was an “unauthenticated bypass bug” that could have allowed a remote hacker to connect directly to the Policy Builder’s database and tamper with it. The second vulnerability, CVE-2018-0375, was a default password flaw in the Cluster Manager that allowed an unauthenticated remote hacker to compromise a vulnerable system by using a root account. If a hacker had knowledge of root account credentials, they could have executed arbitrary commands. Bug number three, CVE-2018-0376, was also an unauthorized access issue, caused by “a lack of authentication measures.” An attacker could have made changes to existing repositories and created new ones. Security flaw number four, CVE-2018-0377, affected Cisco Policy Suite’s Open Systems Gateway initiative (OSGi) interface. A lack of authentication in the OSGi interface allowed hackers to bypass security measures and connect directly to the interface to access files and modify content. Cisco said there are no workarounds for these vulnerabilities, but the patches will address the problems. There have been no reports of these flaws being exploited in the wild.