Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
570
VMScore

CVE-2018-0116

Published: 08/02/2018 Updated: 09/10/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.2 | Impact Score: 2.7 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Mobility Services Engine

Vulnerability Summary

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote malicious user to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the malicious user to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release before 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco mobility services engine 14.0.0

cisco mobility services engine 13.1.0

cisco mobility services engine 13.0.0

Vendor Advisories

Cisco: Cisco Policy Suite RADIUS Authentication Bypass Vulnerability
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username The vulnerability is due to incorrect RADIUS user credential validation An attacker could exploit this v ...

References

CWE-287https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cpshttp://www.securityfocus.com/bid/102968https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook