cisco-sa-20181003-dna-auth-bypass

Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

cisco-sa-20181003-dna-auth-bypass · Critical · Published 7 years ago · Updated 7 years ago

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2018-0448
Cisco Bug IDs	CSCvi47699
CVSS Score	Base 9.8 Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco Digital Network Architecture Center (DNA Center)

CSAF Product Statuses

Product	Status	Source	CVE	Rows
Cisco Digital Network Architecture Center (DNA Center)	known_affected	cisco_csaf	CVE-2018-0448	1

Related Products

Product	CVE	Evidence
Cisco Digital Network Architecture Center (DNA Center)	CVE-2018-0448	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

Workarounds

CSAF Product Statuses

Related Products