Sign-up

ID

VAR-201804-1008


CVE

CVE-2018-0269


TITLE

Cisco Digital Network Architecture Center Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-004318

DESCRIPTION

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. Vendors have confirmed this vulnerability Bug ID CSCvh99208 It is released as.Information may be obtained. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The solution scales and protects devices, applications, and more within the network

Trust: 2.07

sources: NVD: CVE-2018-0269 // JVNDB: JVNDB-2018-004318 // BID: 103950 // VULHUB: VHN-118471 // VULMON: CVE-2018-0269

AFFECTED PRODUCTS

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.1

Trust: 1.6

vendor:ciscomodel:digital network architecture centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:dna centerscope:eqversion:0

Trust: 0.3

sources: BID: 103950 // JVNDB: JVNDB-2018-004318 // CNNVD: CNNVD-201804-1088 // NVD: CVE-2018-0269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0269
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0269
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-1088
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118471
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0269
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0269
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118471
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0269
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0269
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118471 // VULMON: CVE-2018-0269 // JVNDB: JVNDB-2018-004318 // CNNVD: CNNVD-201804-1088 // NVD: CVE-2018-0269

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-863

Trust: 1.1

sources: VULHUB: VHN-118471 // JVNDB: JVNDB-2018-004318 // NVD: CVE-2018-0269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1088

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1088

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004318

PATCH
title:cisco-sa-20180418-dna1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1
Trust: 0.8
title:Cisco: Cisco DNA Center Cross Origin Resource Sharing Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180418-dna1
Trust: 0.1
title: - url:https://github.com/BADOUANA/tdDevops 
Trust: 0.1
title:vul-info-collecturl:https://github.com/starnightcyber/vul-info-collect 
Trust: 0.1
title:doraurl:https://github.com/s-index/dora 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0269 // 
            
            
            
            JVNDB: JVNDB-2018-004318

EXTERNAL IDS
db:NVDid:CVE-2018-0269
Trust: 2.9
db:BIDid:103950
Trust: 2.1
db:JVNDBid:JVNDB-2018-004318
Trust: 0.8
db:CNNVDid:CNNVD-201804-1088
Trust: 0.6
db:VULHUBid:VHN-118471
Trust: 0.1
db:VULMONid:CVE-2018-0269
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118471 // 
            
            
            
            VULMON: CVE-2018-0269 // 
            
            
            
            BID: 103950 // 
            
            
            
            JVNDB: JVNDB-2018-004318 // 
            
            
            
            CNNVD: CNNVD-201804-1088 // 
            
            
            
            NVD: CVE-2018-0269

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-dna1
Trust: 2.2
url:http://www.securityfocus.com/bid/103950
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0269
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0269
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/863.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/badouana/tddevops
Trust: 0.1
url:https://github.com/starnightcyber/vul-info-collect
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118471 // 
            
            
            
            VULMON: CVE-2018-0269 // 
            
            
            
            BID: 103950 // 
            
            
            
            JVNDB: JVNDB-2018-004318 // 
            
            
            
            CNNVD: CNNVD-201804-1088 // 
            
            
            
            NVD: CVE-2018-0269

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 103950

SOURCES
db:VULHUBid:VHN-118471
db:VULMONid:CVE-2018-0269
db:BIDid:103950
db:JVNDBid:JVNDB-2018-004318
db:CNNVDid:CNNVD-201804-1088
db:NVDid:CVE-2018-0269

LAST UPDATE DATE
2024-11-23T22:48:44.129000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118471date:2020-09-04T00:00:00
db:VULMONid:CVE-2018-0269date:2020-09-04T00:00:00
db:BIDid:103950date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004318date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-1088date:2020-09-07T00:00:00
db:NVDid:CVE-2018-0269date:2024-11-21T03:37:51.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-118471date:2018-04-19T00:00:00
db:VULMONid:CVE-2018-0269date:2018-04-19T00:00:00
db:BIDid:103950date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004318date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-1088date:2018-04-19T00:00:00
db:NVDid:CVE-2018-0269date:2018-04-19T20:29:01.580