CVE-2018-0271

CVE Database · CVE-2018-0271

CVE-2018-0271

· N/AModified

CVSS v3.1

N/A

EPSS

2.75%

Published

May 17, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394.

Weaknesses (CWE)

CWE-287CWE-287

Affected Products (1)

cisco · digital_network_architecture_center (up to 1.1.2)vulnerable

References (4)

http://www.securityfocus.com/bid/104191

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2

Vendor Advisory

http://www.securityfocus.com/bid/104191

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs