Vulnerabilities > Cisco > Mobility Services Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion CWE-502 critical | 10.0 |
| 2018-07-18 | CVE-2018-0377 | Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. | 7.5 |
| 2018-07-18 | CVE-2018-0376 | Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. | 7.5 |
| 2018-07-18 | CVE-2018-0375 | Use of Hard-coded Credentials vulnerability in Cisco Mobility Services Engine and Policy Suite A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. | 10.0 |
| 2018-07-18 | CVE-2018-0374 | Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine 14.0.0 A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. | 7.5 |
| 2018-02-08 | CVE-2018-0134 | Information Exposure Through Discrepancy vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. | 5.0 |
| 2018-02-08 | CVE-2018-0116 | Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. | 6.4 |
| 2017-04-07 | CVE-2016-9197 | Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine 8.3.102.0 A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. | 7.2 |
| 2015-11-06 | CVE-2015-6316 | Credentials Management vulnerability in Cisco Mobility Services Engine The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | 6.5 |
| 2015-11-06 | CVE-2015-4282 | Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | 6.9 |