Executive Summary
Summary | |
---|---|
Title | Cisco Digital Network Architecture Center Authentication Bypass Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20180516-dna2 | First vendor Publication | 2018-05-16 |
Vendor | Cisco | Last vendor Modification | 2018-05-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2 |
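Added example, not taken from the Cisco advisory or from DNA Center code: a gateway-side check that canonicalizes the request path before the authentication policy is evaluated, next to the flawed form that evaluates the policy on the raw path. The `/public/` prefix, the sample paths and all function names are assumptions constructed for illustration, and `raw_path` is assumed to be the path component only (no query string).

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical policy: only this prefix is reachable without authentication.
PUBLIC_PREFIXES = ("/public/",)
_STILL_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")


def canonical_path(raw_path):
    """Return the canonical request path, or None if the request must be rejected."""
    decoded = unquote(raw_path)  # decode exactly once
    # Reject double encoding, backslashes and control characters: a backend
    # could interpret them differently from the gateway.
    if (_STILL_ENCODED.search(decoded) or "\\" in decoded
            or any(ord(c) < 0x20 for c in decoded)):
        return None
    if not decoded.startswith("/"):
        return None
    # Collapse "//", "/./" and "/../" and force a single leading slash.
    norm = "/" + posixpath.normpath(decoded).lstrip("/")
    if decoded.endswith("/") and norm != "/":
        norm += "/"  # normpath drops the trailing slash; keep it for prefix rules
    return norm


def naive_is_public(raw_path):
    """Flawed form: the policy is evaluated on the un-normalized path."""
    return raw_path.startswith(PUBLIC_PREFIXES)


def decide(raw_path, authenticated):
    """Hardened form: returns (status, path to forward upstream)."""
    path = canonical_path(raw_path)
    if path is None:
        return 400, None
    if not authenticated and not path.startswith(PUBLIC_PREFIXES):
        return 401, None
    return 200, path  # forward the canonical path, never the raw one


if __name__ == "__main__":
    # Constructed sample requests, all unauthenticated.
    for p in ("/public/docs/index.html", "/public/../admin/users",
              "/public/%2e%2e/admin/users", "/public/%252e%252e/admin/users"):
        print(p, "naive_public=%s" % naive_is_public(p), decide(p, False))
```

Logging every request where the raw path differs from `canonical_path(raw_path)` also gives a detection signal for probing of this class of flaw.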
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco DNA Center API directory traversal attempt RuleID : 46738 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2020-12-05 21:23:46 |
|
2018-06-20 17:21:12 |
|
2018-05-17 09:21:34 |
|
2018-05-16 21:18:41 |
|