CVE-2018-0269

CWE-200Information ExposureCWE-863Incorrect Authorization6 documents5 sources
Severity
4.3MEDIUM
EPSS
0.6%
top 31.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Digital Network Architecture Center
Timeline
PublishedApr 19
Latest updateMay 13

Description

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Ci

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco_dna_centerCisco DNA Center

🔴Vulnerability Details

2
GHSA
GHSA-66mm-frqr-r7x4: A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to2022-05-13
CVEList
CVE-2018-0269: A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to2018-04-19

📋Vendor Advisories

1
Cisco
Cisco DNA Center Cross Origin Resource Sharing Vulnerability2018-04-18

💬Community

1
Bugzilla
CVE-2018-1041 jboss-remoting: High CPU Denial of Service2018-01-03
CVE-2018-0269 (MEDIUM CVSS 4.3) | A vulnerability in the web framewor | cvebase.io