var-201801-1040
Vulnerability from variot
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. Vendors have confirmed this vulnerability Bug ID CSCvf77666 It is released as.Information may be obtained. This may aid in further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. Policy and Charging Rules Function (PCRF) is one of the policy and rule setting functional components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "policy suite",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0"
},
{
"model": "policy suite",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.0.0"
},
{
"model": "policy suite",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.1.0"
},
{
"model": "policy suite",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "policy suite software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobility services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "mobility services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "mobility services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
}
],
"sources": [
{
"db": "BID",
"id": "102758"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:policy_suite:11.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:policy_suite:10.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:policy_suite:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0089"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "102758"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-0089",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118291",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-0089",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0089",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-630",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118291",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. Vendors have confirmed this vulnerability Bug ID CSCvf77666 It is released as.Information may be obtained. This may aid in further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. Policy and Charging Rules Function (PCRF) is one of the policy and rule setting functional components",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "BID",
"id": "102758"
},
{
"db": "VULHUB",
"id": "VHN-118291"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0089",
"trust": 2.8
},
{
"db": "BID",
"id": "102758",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118291",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118291"
},
{
"db": "BID",
"id": "102758"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"id": "VAR-201801-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118291"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:48.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180117-cps",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-cps"
},
{
"title": "Cisco Policy Suite Policy and Charging Rules Function Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77810"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.1
},
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "NVD",
"id": "CVE-2018-0089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-cps"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102758"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0089"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0089"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118291"
},
{
"db": "BID",
"id": "102758"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118291"
},
{
"db": "BID",
"id": "102758"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-118291"
},
{
"date": "2018-01-23T00:00:00",
"db": "BID",
"id": "102758"
},
{
"date": "2018-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"date": "2018-01-18T06:29:00.440000",
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118291"
},
{
"date": "2018-01-23T00:00:00",
"db": "BID",
"id": "102758"
},
{
"date": "2018-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001504"
},
{
"date": "2019-10-09T23:31:12.503000",
"db": "NVD",
"id": "CVE-2018-0089"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Policy Suite Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001504"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-630"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.