CVE-2019-1848

Published: Jun 20, 2019Modified: Nov 21, 2024

9.3

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.8

Source: NVD

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.

Affected (1)

Products: Cisco: Digital Network Architecture Center

1 product

Digital Network Architecture Center

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Digital Network Architecture Center	Before 1.3

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

http://www.securityfocus.com/bid/108837

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/108837

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.