CVE-2018-0448

CWE-3264 documents4 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Digital Network Architecture CenterCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and mak

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-9hgc-2mc5-jwf8: A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker2022-05-13
CVEList
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability2018-10-03
CVE-2018-0448 (CRITICAL CVSS 9.8) | A vulnerability in the identity man | cvebase.io