CVE-2018-0269

CVE Database · CVE-2018-0269

CVE-2018-0269

· MEDIUMModified

CVSS v3.1

4.3

EPSS

1.34%

Published

Apr 19, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-863

Affected Products (1)

cisco · digital_network_architecture_centervulnerable

References (4)

http://www.securityfocus.com/bid/103950

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1

Vendor Advisory

http://www.securityfocus.com/bid/103950

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs