First published: Wed Jul 18 2018(Updated: )
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Mobility Services Engine | =14.0.0 | |
Cisco Policy Suite | <18.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-0377.
The severity of CVE-2018-0377 is critical.
The affected software of CVE-2018-0377 is Cisco Mobility Services Engine version 14.0.0 and Cisco Policy Suite up to exclusive version 18.1.0.
An attacker can exploit CVE-2018-0377 by directly connecting to the Open Systems Gateway initiative (OSGi) interface without authentication.
More information about CVE-2018-0377 can be found at the following references: [http://www.securityfocus.com/bid/104850](http://www.securityfocus.com/bid/104850) [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access)