CVE-2019-1848

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.

CVSS v3 9.3 CRITICAL
CVSS v2.0 4.8 MEDIUM

9.3^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Exploitability : 2.8 / Impact : 5.8

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

4.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/108837	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass	Vendor Advisory
http://www.securityfocus.com/bid/108837	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:digital_network_architecture_center:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:37

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/108837 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/108837 - Third Party Advisory, VDB Entry
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass - Vendor Advisory

Information

Published : 2019-06-20 03:15

Updated : 2024-11-21 04:37

NVD link : CVE-2019-1848

Mitre link : CVE-2019-1848

CVE.ORG link : CVE-2019-1848

JSON object : View

Products Affected

cisco

digital_network_architecture_center

CWE

CWE-668

Exposure of Resource to Wrong Sphere

9.3 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

4.8 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-1848

9.3^/10

4.8^/10

Attach tags to `CVE-2019-1848`