image credit

Cisco patches critical vulnerabilities in Policy Suite

July 19, 2018

Via: ZDnet

Cisco has resolved a set of critical vulnerabilities in Policy Suite which permit attackers to cause havoc in the software’s databases.

This week, the tech giant released a security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks, account compromise, database tampering, and more.

The first vulnerability, CVE-2018-0374, has earned a CVSS base score of 9.8. Described as an unauthenticated bypass bug, the security flaw “could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database,” according to Cisco.

Read More on ZDnet