How severe is CVE-2018-0089?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-0089?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2018-0089 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.

Related Vulnerabilities

CVE-2013-7432

HIGH

CVSS:7.5(High)

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.

CWE-2642013

CVE-2014-10058

HIGH

CVSS:7.5(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 8...

CWE-2642014

CVE-2014-3576

HIGH

CVSS:7.5(High)

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

CWE-2642014

CVE-2014-7851

HIGH

CVSS:7.5(High)

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that use...

CWE-2642014

CVE-2014-8421

HIGH

CVSS:7.5(High)

Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ...

CWE-2642014

CVE-2015-1378

HIGH

CVSS:7.5(High)

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.

CWE-2642015