CVE-2018-15386

CWE-164 documents4 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 50.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Digital Network Architecture Center (dna Center)Cisco Digital Network Architecture Center

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/digital_network_architecture_center4 versions+3

▶CVEListV5cisco/cisco_digital_network_architecture_center_(dna_center)n/a

🔴Vulnerability Details

GHSA

GHSA-9f8q-cq6p-jfgv: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have d↗2022-05-13

▶

CVEList

Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability↗2018-10-03

▶