Sign-up

ID

VAR-201810-0574


CVE

CVE-2018-15386


TITLE

Cisco Digital Network Architecture Center Vulnerabilities in environment settings

Trust: 0.8

sources: JVNDB: JVNDB-2018-011265

DESCRIPTION

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco bug IDs CSCvj05082 and CSCvj05086. The solution scales and protects devices, applications, and more within the network

Trust: 1.98

sources: NVD: CVE-2018-15386 // JVNDB: JVNDB-2018-011265 // BID: 105504 // VULHUB: VHN-125640

AFFECTED PRODUCTS

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.1.3

Trust: 1.6

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.1.1

Trust: 1.6

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.1.2

Trust: 1.6

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.1

Trust: 1.0

vendor:ciscomodel:digital network architecture centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.1.0

Trust: 0.6

vendor:ciscomodel:dna center softwarescope:eqversion:1.1.3

Trust: 0.3

vendor:ciscomodel:dna center softwarescope:eqversion:1.1.2

Trust: 0.3

vendor:ciscomodel:dna center softwarescope:eqversion:1.1.1

Trust: 0.3

vendor:ciscomodel:dna center softwarescope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:dna centerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:dna centerscope:neversion:1.2

Trust: 0.3

sources: BID: 105504 // JVNDB: JVNDB-2018-011265 // CNNVD: CNNVD-201810-182 // NVD: CVE-2018-15386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15386
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15386
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201810-182
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125640
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15386
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125640
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15386
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-15386
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125640 // JVNDB: JVNDB-2018-011265 // CNNVD: CNNVD-201810-182 // NVD: CVE-2018-15386

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-125640 // JVNDB: JVNDB-2018-011265 // NVD: CVE-2018-15386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-182

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201810-182

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011265

PATCH
title:cisco-sa-20181003-dna-unauth-accessurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access
Trust: 0.8
title:Cisco Digital Network Architecture Center Fixes for configuration error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85396
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011265 // 
            
            
            
            CNNVD: CNNVD-201810-182

EXTERNAL IDS
db:NVDid:CVE-2018-15386
Trust: 2.8
db:BIDid:105504
Trust: 2.0
db:JVNDBid:JVNDB-2018-011265
Trust: 0.8
db:CNNVDid:CNNVD-201810-182
Trust: 0.7
db:VULHUBid:VHN-125640
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125640 // 
            
            
            
            BID: 105504 // 
            
            
            
            JVNDB: JVNDB-2018-011265 // 
            
            
            
            CNNVD: CNNVD-201810-182 // 
            
            
            
            NVD: CVE-2018-15386

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-dna-unauth-access
Trust: 2.0
url:http://www.securityfocus.com/bid/105504
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15386
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15386
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125640 // 
            
            
            
            BID: 105504 // 
            
            
            
            JVNDB: JVNDB-2018-011265 // 
            
            
            
            CNNVD: CNNVD-201810-182 // 
            
            
            
            NVD: CVE-2018-15386

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 105504

SOURCES
db:VULHUBid:VHN-125640
db:BIDid:105504
db:JVNDBid:JVNDB-2018-011265
db:CNNVDid:CNNVD-201810-182
db:NVDid:CVE-2018-15386

LAST UPDATE DATE
2024-08-14T15:43:54.818000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125640date:2020-08-13T00:00:00
db:BIDid:105504date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011265date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201810-182date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15386date:2020-08-13T12:50:17.027

SOURCES RELEASE DATE
db:VULHUBid:VHN-125640date:2018-10-05T00:00:00
db:BIDid:105504date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011265date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201810-182date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15386date:2018-10-05T14:29:07.340