Vulnerabilities > Cisco > Mobility Services Engine > 14.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0377 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.
network
low complexity
cisco CWE-306
7.5
7.5
2018-07-18 CVE-2018-0375 Use of Hard-coded Credentials vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.
network
low complexity
cisco CWE-798
critical
 10.0
10
2018-07-18 CVE-2018-0374 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine 14.0.0
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.
network
low complexity
cisco CWE-306
7.5
7.5
2018-02-08 CVE-2018-0116 Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username.
network
low complexity
cisco CWE-287
6.4
6.4