ID

VAR-201805-0513


CVE

CVE-2018-0271


TITLE

Cisco Digital Network Architecture Center Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005159

DESCRIPTION

A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi09394. Information may be obtained or altered, and service operation may be disrupted (DoS). This may lead to further attacks. The solution scales and protects devices, applications, and more within the network. API gateway is one of API (Application Programming Interface) Gateway

Trust: 2.07

sources: NVD: CVE-2018-0271 // JVNDB: JVNDB-2018-005159 // BID: 104191 // VULHUB: VHN-118473 // VULMON: CVE-2018-0271

AFFECTED PRODUCTS

vendor: cisco // model: digital network architecture center // scope: lt // version: 1.1.2

Trust: 1.8

vendor: cisco // model: dna center software // scope: eq // version: 1.1.1

Trust: 0.3

vendor: cisco // model: dna center software // scope: eq // version: 1.1

Trust: 0.3

vendor: cisco // model: dna center software // scope: ne // version: 1.1.2

Trust: 0.3

sources: BID: 104191 // JVNDB: JVNDB-2018-005159 // NVD: CVE-2018-0271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0271
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0271
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-631
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118473
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0271
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0271
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118473
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0271
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118473 // VULMON: CVE-2018-0271 // JVNDB: JVNDB-2018-005159 // CNNVD: CNNVD-201805-631 // NVD: CVE-2018-0271

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-118473 // JVNDB: JVNDB-2018-005159 // NVD: CVE-2018-0271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-631

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-631

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005159

PATCH

title: cisco-sa-20180516-dna2 // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2

Trust: 0.8

title: Cisco Digital Network Architecture Center API gateway Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83555

Trust: 0.6

title: Cisco: Cisco Digital Network Architecture Center Authentication Bypass Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180516-dna2

Trust: 0.1

title: Threatpost // url: https://threatpost.com/cisco-warns-of-three-critical-bugs-in-digital-network-architecture-platform/132057/

Trust: 0.1

title: The Register // url: https://www.theregister.co.uk/2018/05/16/cisco_dna_update/

Trust: 0.1

sources: VULMON: CVE-2018-0271 // JVNDB: JVNDB-2018-005159 // CNNVD: CNNVD-201805-631

EXTERNAL IDS

db: NVD // id: CVE-2018-0271

Trust: 2.9

db: BID // id: 104191

Trust: 2.1

db: JVNDB // id: JVNDB-2018-005159

Trust: 0.8

db: CNNVD // id: CNNVD-201805-631

Trust: 0.6

db: VULHUB // id: VHN-118473

Trust: 0.1

db: VULMON // id: CVE-2018-0271

Trust: 0.1

sources: VULHUB: VHN-118473 // VULMON: CVE-2018-0271 // BID: 104191 // JVNDB: JVNDB-2018-005159 // CNNVD: CNNVD-201805-631 // NVD: CVE-2018-0271

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-dna2

Trust: 2.2

url:http://www.securityfocus.com/bid/104191

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0271

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0271

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-warns-of-three-critical-bugs-in-digital-network-architecture-platform/132057/

Trust: 0.1

sources: VULHUB: VHN-118473 // VULMON: CVE-2018-0271 // BID: 104191 // JVNDB: JVNDB-2018-005159 // CNNVD: CNNVD-201805-631 // NVD: CVE-2018-0271

CREDITS

Cisco

Trust: 0.3

sources: BID: 104191

SOURCES

db: VULHUB // id: VHN-118473
db: VULMON // id: CVE-2018-0271
db: BID // id: 104191
db: JVNDB // id: JVNDB-2018-005159
db: CNNVD // id: CNNVD-201805-631
db: NVD // id: CVE-2018-0271

LAST UPDATE DATE

2024-11-23T22:58:59.517000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118473 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2018-0271 // date: 2019-10-09T00:00:00
db: BID // id: 104191 // date: 2018-05-16T00:00:00
db: JVNDB // id: JVNDB-2018-005159 // date: 2018-07-09T00:00:00
db: CNNVD // id: CNNVD-201805-631 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0271 // date: 2024-11-21T03:37:51.283

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118473 // date: 2018-05-17T00:00:00
db: VULMON // id: CVE-2018-0271 // date: 2018-05-17T00:00:00
db: BID // id: 104191 // date: 2018-05-16T00:00:00
db: JVNDB // id: JVNDB-2018-005159 // date: 2018-07-09T00:00:00
db: CNNVD // id: CNNVD-201805-631 // date: 2018-05-18T00:00:00
db: NVD // id: CVE-2018-0271 // date: 2018-05-17T03:29:00.357