CVE-2018-0448

CVE Database · CVE-2018-0448

CVE-2018-0448

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.14%

Published

Oct 5, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-326CWE-326

Affected Products (1)

cisco · digital_network_architecture_center (up to 1.1.4)vulnerable

References (4)

http://www.securityfocus.com/bid/105502

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass

Vendor Advisory

http://www.securityfocus.com/bid/105502

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs