Vulnerability Details : CVE-2018-0269
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208.
Vulnerability category: Information leak
Products affected by CVE-2018-0269
- cpe:2.3:a:cisco:digital_network_architecture_center:1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0269
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0269
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2018-0269
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: ykramarz@cisco.com (Secondary)
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0269
-
http://www.securityfocus.com/bid/103950
Cisco DNA Center CVE-2018-0269 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1
Cisco DNA Center Cross Origin Resource Sharing VulnerabilityVendor Advisory
Jump to