CVE-2018-0393

Name: CVE-2018-0393
Creator: NVD / NIST
Published: 2018-07-18T23:29:01.18+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.94%

Last modified Jun 17, 2026

CVE-2018-0393 is a vulnerability of currently unknown severity. A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.

Metrics

EPSS Probability

0.94%

56.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-285

Affected Software

Vendor	Product	Versions
Cisco	Mobility Services Engine 3365 Firmware	18.0.0
Cisco	Mobility Services Engine 3355 Firmware	18.0.0
Cisco	Mobility Services Engine 3310 Firmware	18.0.0

References

http://www.securityfocus.com/bid/104867Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-changeVendor Advisory
http://www.securityfocus.com/bid/104867Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-changeVendor Advisory

Timeline

Published: Jul 18, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-0393?

How severe is CVE-2018-0393?

Severity scoring for CVE-2018-0393 is pending analysis. The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.

How do I fix CVE-2018-0393?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0393?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST