cbcvebase.
CVE-2018-0268
published 2018-05-17

CVE-2018-0268: A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to…

PriorityP270critical10CVSS 3.0
AVNACLPRNUINSCCHIHAH
EPSS
5.40%
91.7th percentile
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscodigital_network_architecture_center<= 1.1.3
ciscodigital_network_architecture_center_unauthorized_access

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for unauthenticated access attempts to the Kubernetes service port on Cisco DNA Center appliances running Software Releases 1.1.3 and prior
  • Alert on unexpected command execution or privilege escalation activity originating from within Kubernetes-managed containers on Cisco DNA Center
  • ·The vulnerability stems from an insecure default configuration of the Kubernetes container management subsystem within Cisco DNA Center — the Kubernetes API server port is exposed without authentication by default
  • ·Affected versions are Cisco DNA Center Software Releases 1.1.3 and prior; upgrade to a patched release as no workarounds exist

CVSS provenance

nvdv3.010.0CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.