a set of critical vulnerabilities in Policy Suite which permit attackers to cause havoc in the software 's databases . This week , the tech giant releasedVulnerability-related.PatchVulnerabilitya security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks , account compromise , database tampering , and more . The first vulnerability , CVE-2018-0374 , has earned a CVSS base score of 9.8 . Described asVulnerability-related.DiscoverVulnerabilityan unauthenticated bypass bug , the security flaw `` could allow an unauthenticated , remote attacker to connect directly to the Policy Builder database , '' according to Cisco . The bug has been caused by a simple lack of authentication and as there is no requirement for identity verification , Policy Builder databases can be accessed and tampering with without limitation . Cisco Policy Suite releases prior to 18.2.0 are affectedVulnerability-related.DiscoverVulnerability. The second vulnerability , CVE-2018-0375 , is a default password error . The CVSS 9.8 bug is present inVulnerability-related.DiscoverVulnerabilitythe Cluster Manager of Cisco Policy Suite and could allow an unauthenticated , remote attacker to log in to a vulnerable system using a root account . The serious security problem has emergedVulnerability-related.DiscoverVulnerabilitydue to the use of undocumented , static user credentials for root accounts . If a hacker has knowledge of these credentials , they can become a root user and are able to execute arbitrary commands . Versions of the software prior to 18.2.0 are vulnerableVulnerability-related.DiscoverVulnerabilityto exploit . The third bug , CVE-2018-0376 , is another unauthenticated access problem and is also caused by a lack of authentication measures . `` A successful exploit could allow the attacker to make changes to existing repositories and create new repositories , '' Cisco saysVulnerability-related.DiscoverVulnerability. Cisco Policy Suite versions prior to 18.2.0 are affectedVulnerability-related.DiscoverVulnerability. The fourth security flaw , CVE-2018-0377 , affectsVulnerability-related.DiscoverVulnerabilitythe Open Systems Gateway initiative ( OSGi ) interface of Cisco Policy Suite . There is a lack of authentication within the OSGi interface which permits attackers to circumvent security processes and directly connect to the interface , access any files contained within they wish , and modify any content which is accessible through the process . This vulnerability impactsVulnerability-related.DiscoverVulnerabilityPolicy Suite versions prior to 18.1.0 . There are no workarounds to circumvent these vulnerabilities . However , patches have been issued to addressVulnerability-related.PatchVulnerabilitythem and Cisco says that no reports have been received which indicate the bugs are being exploitedVulnerability-related.DiscoverVulnerabilityin the wild . In addition , Cisco has revealedVulnerability-related.DiscoverVulnerabilityseven now-patched bugs affectingVulnerability-related.DiscoverVulnerabilitySD-WAN solutions . The vulnerabilities included command injection security flaws , a remote code execution bug , and arbitrary file overwrite issues .