Cisco has informed users of its Policy Suite service that it has discovered different vulnerabilities, which would allow hackers to remotely gain access to different functions of their solutions, as reported by specialists in enterprise data protection services from the International Institute of Cyber Security.
Policy Suite brings a framework for building rules that can be used to enforce business logic against policy enforcement points such as network routers and packet-data gateways. It is mainly used by organizations that operate with wireless and mobile systems.
According to enterprise data protection services experts, the vulnerability is due to the lack of authentication, which means a hacker could access and make changes to existing repositories and create new ones. In addition, a particular vulnerability could allow a remote attacker to log into an affected system using the root account, which has default user credentials. An exploit could allow the hacker to login to the affected system and execute arbitrary commands as the root user.
Cisco has also launched patches for its SD-WAN solution, with seven high-rate alerts, and its VPN subsystem. For the SD-WAN solution, there are Denial of Service and file overwriting vulnerabilities.
These vulnerabilities affect previous versions of the 18.2.0 software, and there are no mid-term solutions that can fix it. The tech company has released free software updates that aim the vulnerability, and its security incident response team believes there has been no malicious use.
Last week, specialists in enterprise data protection services reported the rise of different vulnerabilities that would affect Cisco’s Internet phone call service by VoIP.