Sign-up

ID

VAR-201805-0504


CVE

CVE-2018-0222


TITLE

Cisco Digital Network Architecture Center Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-005152

DESCRIPTION

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929. Vendors have confirmed this vulnerability Bug ID CSCvh98929 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. The solution scales and protects devices, applications, and more within the network

Trust: 2.07

sources: NVD: CVE-2018-0222 // JVNDB: JVNDB-2018-005152 // BID: 104193 // VULHUB: VHN-118424 // VULMON: CVE-2018-0222

AFFECTED PRODUCTS

vendor:ciscomodel:digital network architecture centerscope:ltversion:1.1.3

Trust: 1.0

vendor:ciscomodel:digital network architecture centerscope:lteversion:1.1.3

Trust: 0.8

vendor:ciscomodel:dna center softwarescope:eqversion:1.1.2

Trust: 0.3

vendor:ciscomodel:dna center softwarescope:eqversion:1.1.1

Trust: 0.3

vendor:ciscomodel:dna center softwarescope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:dna center softwarescope:neversion:1.1.3

Trust: 0.3

sources: BID: 104193 // JVNDB: JVNDB-2018-005152 // NVD: CVE-2018-0222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0222
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0222
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-634
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118424
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0222
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0222
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118424
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0222
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118424 // VULMON: CVE-2018-0222 // JVNDB: JVNDB-2018-005152 // CNNVD: CNNVD-201805-634 // NVD: CVE-2018-0222

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-118424 // JVNDB: JVNDB-2018-005152 // NVD: CVE-2018-0222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-634

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-634

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005152

PATCH
title:cisco-sa-20180516-dnacurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac
Trust: 0.8
title:Cisco Digital Network Architecture Center Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83558
Trust: 0.6
title:Cisco: Cisco Digital Network Architecture Center Static Credentials Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180516-dnac
Trust: 0.1
title:Threatposturl:https://threatpost.com/cisco-warns-of-three-critical-bugs-in-digital-network-architecture-platform/132057/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0222 // 
            
            
            
            JVNDB: JVNDB-2018-005152 // 
            
            
            
            CNNVD: CNNVD-201805-634

EXTERNAL IDS
db:NVDid:CVE-2018-0222
Trust: 2.9
db:BIDid:104193
Trust: 2.1
db:JVNDBid:JVNDB-2018-005152
Trust: 0.8
db:CNNVDid:CNNVD-201805-634
Trust: 0.6
db:VULHUBid:VHN-118424
Trust: 0.1
db:VULMONid:CVE-2018-0222
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118424 // 
            
            
            
            VULMON: CVE-2018-0222 // 
            
            
            
            BID: 104193 // 
            
            
            
            JVNDB: JVNDB-2018-005152 // 
            
            
            
            CNNVD: CNNVD-201805-634 // 
            
            
            
            NVD: CVE-2018-0222

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-dnac
Trust: 2.2
url:http://www.securityfocus.com/bid/104193
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0222
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0222
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-warns-of-three-critical-bugs-in-digital-network-architecture-platform/132057/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118424 // 
            
            
            
            VULMON: CVE-2018-0222 // 
            
            
            
            BID: 104193 // 
            
            
            
            JVNDB: JVNDB-2018-005152 // 
            
            
            
            CNNVD: CNNVD-201805-634 // 
            
            
            
            NVD: CVE-2018-0222

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104193

SOURCES
db:VULHUBid:VHN-118424
db:VULMONid:CVE-2018-0222
db:BIDid:104193
db:JVNDBid:JVNDB-2018-005152
db:CNNVDid:CNNVD-201805-634
db:NVDid:CVE-2018-0222

LAST UPDATE DATE
2024-11-23T22:17:30.426000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118424date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0222date:2019-10-09T00:00:00
db:BIDid:104193date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005152date:2018-07-09T00:00:00
db:CNNVDid:CNNVD-201805-634date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0222date:2024-11-21T03:37:45.883

SOURCES RELEASE DATE
db:VULHUBid:VHN-118424date:2018-05-17T00:00:00
db:VULMONid:CVE-2018-0222date:2018-05-17T00:00:00
db:BIDid:104193date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005152date:2018-07-09T00:00:00
db:CNNVDid:CNNVD-201805-634date:2018-05-18T00:00:00
db:NVDid:CVE-2018-0222date:2018-05-17T03:29:00.217