CVE-2018-15386

Published: Oct 5, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

Affected (4)

Products: Cisco: Digital Network Architecture Center

Cisco

1 product

Digital Network Architecture Center

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Digital Network Architecture Center	Version 1.1.1
Cisco Digital Network Architecture Center	Version 1.1.2
Cisco Digital Network Architecture Center	Version 1.1.3
Cisco Digital Network Architecture Center	Version 1.1

Related CWEs

CWE-16

References (4)

http://www.securityfocus.com/bid/105504

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/105504

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.