ID

VAR-201810-0323


CVE

CVE-2018-0448


TITLE

Cisco Digital Network Architecture Center Vulnerabilities related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2018-013275

DESCRIPTION

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. Cisco Digital Network Architecture Center is prone to an authentication-bypass vulnerability. This may lead to further attacks. This issue is being tracked by Cisco bug CSCvi47699. The solution scales and protects devices, applications, and more within the network.

Trust: 1.98

sources: NVD: CVE-2018-0448 // JVNDB: JVNDB-2018-013275 // BID: 105502 // VULHUB: VHN-118650

AFFECTED PRODUCTS

vendor: cisco, model: digital network architecture center, scope: lt, version: 1.1.4

Trust: 1.0

vendor: cisco, model: digital network architecture center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: dna center software, scope: eq, version: 1.1.3

Trust: 0.3

vendor: cisco, model: dna center software, scope: eq, version: 1.1.2

Trust: 0.3

vendor: cisco, model: dna center software, scope: eq, version: 1.1.1

Trust: 0.3

vendor: cisco, model: dna center software, scope: eq, version: 1.1

Trust: 0.3

vendor: cisco, model: dna center, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: dna center, scope: ne, version: 1.1.4

Trust: 0.3

sources: BID: 105502 // JVNDB: JVNDB-2018-013275 // NVD: CVE-2018-0448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0448
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0448
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201810-175
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118650
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0448
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118650
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0448
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0448
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118650 // JVNDB: JVNDB-2018-013275 // CNNVD: CNNVD-201810-175 // NVD: CVE-2018-0448

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.9

sources: VULHUB: VHN-118650 // JVNDB: JVNDB-2018-013275 // NVD: CVE-2018-0448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-175

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-175

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013275

PATCH

title: cisco-sa-20181003-dna-auth-bypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass

Trust: 0.8

title: Cisco Digital Network Architecture Center Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85389

Trust: 0.6

sources: JVNDB: JVNDB-2018-013275 // CNNVD: CNNVD-201810-175

EXTERNAL IDS

db: NVD, id: CVE-2018-0448

Trust: 2.8

db: BID, id: 105502

Trust: 2.0

db: JVNDB, id: JVNDB-2018-013275

Trust: 0.8

db: CNNVD, id: CNNVD-201810-175

Trust: 0.7

db: VULHUB, id: VHN-118650

Trust: 0.1

sources: VULHUB: VHN-118650 // BID: 105502 // JVNDB: JVNDB-2018-013275 // CNNVD: CNNVD-201810-175 // NVD: CVE-2018-0448

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-dna-auth-bypass

Trust: 2.0

url: http://www.securityfocus.com/bid/105502

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0448

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0448

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118650 // BID: 105502 // JVNDB: JVNDB-2018-013275 // CNNVD: CNNVD-201810-175 // NVD: CVE-2018-0448

CREDITS

Cisco

Trust: 0.3

sources: BID: 105502

SOURCES

db: VULHUB, id: VHN-118650
db: BID, id: 105502
db: JVNDB, id: JVNDB-2018-013275
db: CNNVD, id: CNNVD-201810-175
db: NVD, id: CVE-2018-0448

LAST UPDATE DATE

2024-08-14T15:34:08.897000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118650, date: 2020-08-12T00:00:00
db: BID, id: 105502, date: 2018-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-013275, date: 2019-02-18T00:00:00
db: CNNVD, id: CNNVD-201810-175, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0448, date: 2020-08-12T12:57:44.773

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118650, date: 2018-10-05T00:00:00
db: BID, id: 105502, date: 2018-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-013275, date: 2019-02-18T00:00:00
db: CNNVD, id: CNNVD-201810-175, date: 2018-10-08T00:00:00
db: NVD, id: CVE-2018-0448, date: 2018-10-05T14:29:02.920