CVE-2019-1841: Confused Deputy in Cisco Digital Network Architecture Center

Severity
NVD: 8.1 HIGH
CNA: 6.5
EPSS: 1.2% (top 21.47%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 18
Latest update: May 13

Description

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versio

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_digital_network_architecture_center | unspecified | DNAC1.2.5

🔴 Vulnerability Details (2)

GHSA: GHSA-qv68-8f3p-28pf: A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal servi (2022-05-13)
CVEList: Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability (2019-04-18)

📋 Vendor Advisories (1)

Cisco: Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability (2019-04-17)