CVE-2018-0271

{"id": "CVE-2018-0271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-05-17T03:29:00.357", "references": [{"url": "http://www.securityfocus.com/bid/104191", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394."}, {"lang": "es", "value": "Una vulnerabilidad en el gateway API de Cisco Digital Network Architecture (DNA) Center podr\u00eda permitir que un atacante remoto no autenticado omita la autenticaci\u00f3n y acceder a servicios cr\u00edticos. La vulnerabilidad se debe a un error a la hora de normalizar URL antes de las peticiones de servicio. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una URL dise\u00f1ada para explotar este problema. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante obtenga acceso no autenticado a servicios cr\u00edticos, lo que resulta en privilegios elevados en DNA Center. Esta vulnerabilidad afecta a Cisco DNA Center Software si ejecuta cualquier distribuci\u00f3n anterior a 1.1.2. Cisco Bug IDs: CSCvi09394."}], "lastModified": "2019-10-09T23:31:36.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1445F315-4357-493F-BC60-32B5E9613A44", "versionEndExcluding": "1.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}