ID

VAR-201906-0685


CVE

CVE-2019-1848


TITLE

Cisco Digital Network Architecture Center Vulnerabilities related to leaking resources to the wrong area

Trust: 0.8

sources: JVNDB: JVNDB-2019-005658

DESCRIPTION

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access. Cisco DNA Center Software is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvj03748. The solution scales and protects devices, applications, and more within the network.

Trust: 1.98

sources: NVD: CVE-2019-1848 // JVNDB: JVNDB-2019-005658 // BID: 108837 // VULHUB: VHN-150830

AFFECTED PRODUCTS

vendor: cisco, model: digital network architecture center, scope: lt, version: 1.3

Trust: 1.0

vendor: cisco, model: digital network architecture center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: dna center software, scope: eq, version: 1.1.3

Trust: 0.3

vendor: cisco, model: dna center software, scope: eq, version: 1.1.2

Trust: 0.3

vendor: cisco, model: dna center software, scope: eq, version: 1.1.1

Trust: 0.3

vendor: cisco, model: dna center software, scope: eq, version: 1.1

Trust: 0.3

vendor: cisco, model: application policy infrastructure controller enterprise module dnac1.2.8, scope: -, version: -

Trust: 0.3

vendor: cisco, model: application policy infrastructure controller enterprise module dnac1.2.5, scope: -, version: -

Trust: 0.3

vendor: cisco, model: application policy infrastructure controller enterprise module dnac1.1.4, scope: -, version: -

Trust: 0.3

vendor: cisco, model: dna center software, scope: ne, version: 1.3

Trust: 0.3

vendor: cisco, model: application policy infrastructure controller enterprise module dnac1.3, scope: ne, version: -

Trust: 0.3

sources: BID: 108837 // JVNDB: JVNDB-2019-005658 // NVD: CVE-2019-1848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1848
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1848
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-1848
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201906-808
value: CRITICAL

Trust: 0.6

VULHUB: VHN-150830
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1848
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150830
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1848
baseSeverity: CRITICAL
baseScore: 9.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.8
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150830 // JVNDB: JVNDB-2019-005658 // CNNVD: CNNVD-201906-808 // NVD: CVE-2019-1848 // NVD: CVE-2019-1848

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.9

sources: VULHUB: VHN-150830 // JVNDB: JVNDB-2019-005658 // NVD: CVE-2019-1848

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-808

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201906-808

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005658

PATCH

title: cisco-sa-20190619-dnac-bypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass

Trust: 0.8

title: Cisco Digital Network Architecture Center Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93957

Trust: 0.6

sources: JVNDB: JVNDB-2019-005658 // CNNVD: CNNVD-201906-808

EXTERNAL IDS

db: NVD, id: CVE-2019-1848

Trust: 2.8

db: BID, id: 108837

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005658

Trust: 0.8

db: CNNVD, id: CNNVD-201906-808

Trust: 0.7

db: AUSCERT, id: ESB-2019.2202

Trust: 0.6

db: AUSCERT, id: ESB-2019.2202.2

Trust: 0.6

db: VULHUB, id: VHN-150830

Trust: 0.1

sources: VULHUB: VHN-150830 // BID: 108837 // JVNDB: JVNDB-2019-005658 // CNNVD: CNNVD-201906-808 // NVD: CVE-2019-1848

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-dnac-bypass

Trust: 2.0

url:http://www.securityfocus.com/bid/108837

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1848

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1848

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2202/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2202.2/

Trust: 0.6

sources: VULHUB: VHN-150830 // BID: 108837 // JVNDB: JVNDB-2019-005658 // CNNVD: CNNVD-201906-808 // NVD: CVE-2019-1848

CREDITS

Cisco

Trust: 0.9

sources: BID: 108837 // CNNVD: CNNVD-201906-808

SOURCES

db: VULHUB, id: VHN-150830
db: BID, id: 108837
db: JVNDB, id: JVNDB-2019-005658
db: CNNVD, id: CNNVD-201906-808
db: NVD, id: CVE-2019-1848

LAST UPDATE DATE

2024-08-14T15:02:16.499000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150830, date: 2019-10-09T00:00:00
db: BID, id: 108837, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005658, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-808, date: 2019-07-01T00:00:00
db: NVD, id: CVE-2019-1848, date: 2019-10-09T23:48:19.690

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150830, date: 2019-06-20T00:00:00
db: BID, id: 108837, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005658, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-808, date: 2019-06-19T00:00:00
db: NVD, id: CVE-2019-1848, date: 2019-06-20T03:15:11.917