CVE-2018-0268

CWE-3584 documents4 sources
Severity
10.0CRITICAL
EPSS
9.6%
top 7.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Digital Network Architecture Center
Timeline
PublishedMay 17
Latest updateMay 13

Description

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5cisco_digital_network_architecture_centerCisco Digital Network Architecture Center

🔴Vulnerability Details

2
GHSA
GHSA-jxrp-hx95-x2ch: A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attack2022-05-13
CVEList
CVE-2018-0268: A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attack2018-05-17

📋Vendor Advisories

1
Cisco
Cisco Digital Network Architecture Center Unauthorized Access Vulnerability2018-05-16
CVE-2018-0268 (CRITICAL CVSS 10) | A vulnerability in the container ma | cvebase.io