Cisco has advised users of its Policy Suite that it has discovered vulnerabilities that allow remote attackers to access different features of the solution.
The company's Policy Suite provides a framework for building rules that can be used to enforce business logic against policy enforcement points such as network routers and packet data gateways. It is mainly used by wireless and mobile organisations.
According to Cisco, the vulnerability is due to a lack of authentication, meaning an attacker could gain access and make changes to existing repositories and create new ones. Furthermore, a vulnerability in the Cluster Manager could allow a remote attacker to log in to an affected system using the root account, which has default, static user credentials. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
Cisco has also pushed out patches for its SD-WAN, with seven high-rated advisories, and its VPN subsystem. For the SD-WAN solution, there is a file overwrite and a denial-of-service vulnerability.
The vulnerability affects releases prior to Release 18.2.0, and there are no workarounds that address it. The tech giant has released free software updates that address the vulnerability, and its security incident response team believes that there has not been any malicious use.
The previous week, the company announced other vulnerabilities in the web-based user interface of the Cisco IP Phone 6800, 7800 and 8800 Series, plus others.