CVE-2018-0271
Last modified
CVE-2018-0271 is a vulnerability of currently unknown severity. A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. EPSS estimates a 2.75% chance of exploitation in the next 30 days.
Description
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Digital Network Architecture Center | < 1.1.2 |
References
- http://www.securityfocus.com/bid/104191Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/104191Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-0271?
How severe is CVE-2018-0271?
How do I fix CVE-2018-0271?
Are you affected by CVE-2018-0271?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST