CVE-2018-0271

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

3.0%

top 13.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Digital Network Architecture Center

Timeline

PublishedMay 17

Latest updateMay 13

Description

A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevat…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/digital_network_architecture_center< 1.1.2

▶CVEListV5cisco_digital_network_architecture_centerCisco Digital Network Architecture Center

🔴Vulnerability Details

GHSA

GHSA-cmgw-hg4c-4pp2: A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass au↗2022-05-13

▶

CVEList

CVE-2018-0271: A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass au↗2018-05-17

▶

📋Vendor Advisories

Cisco

Cisco Digital Network Architecture Center Authentication Bypass Vulnerability↗2018-05-16

▶