CVE-2018-0222

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929.

CVSS v3 10.0 CRITICAL
CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/104193	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac	Vendor Advisory
http://www.securityfocus.com/bid/104193	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:digital_network_architecture_center:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:37

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/104193 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/104193 - Third Party Advisory, VDB Entry
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac - Vendor Advisory

Information

Published : 2018-05-17 03:29

Updated : 2024-11-21 03:37

NVD link : CVE-2018-0222

Mitre link : CVE-2018-0222

CVE.ORG link : CVE-2018-0222

JSON object : View

Products Affected

cisco

digital_network_architecture_center

CWE

CWE-798

Use of Hard-coded Credentials

10.0 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2018-0222

10.0^/10

10.0^/10

Attach tags to `CVE-2018-0222`