Vulnerabilities > Cisco > Policy Suite

DATE CVE VULNERABILITY TITLE RISK
2021-11-04 CVE-2021-40119 Use of Hard-coded Credentials vulnerability in Cisco Policy Suite
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user.
network
low complexity
cisco CWE-798
critical
9.8
2018-07-18 CVE-2018-0377 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.
network
low complexity
cisco CWE-306
critical
9.8
2018-07-18 CVE-2018-0376 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface.
network
low complexity
cisco CWE-306
critical
9.8
2018-07-18 CVE-2018-0375 Use of Hard-coded Credentials vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.
network
low complexity
cisco CWE-798
critical
9.8
2018-01-18 CVE-2018-0089 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Policy Suite 10.0.0/11.0.0/11.1.0
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data.
network
low complexity
cisco CWE-732
7.5
2017-08-17 CVE-2017-6781 Improper Authentication vulnerability in Cisco Policy Suite
A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system.
local
low complexity
cisco CWE-287
5.3
2017-05-18 CVE-2017-6623 Improper Privilege Management vulnerability in Cisco Policy Suite 10.0.0/10.1.0/11.0.0
A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root.
local
low complexity
cisco CWE-269
7.8