CVE-2019-1848
9.3
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) | unspecified < 1.3 | affected |
Weaknesses
- CWE-668: CWE-668
ADP Enrichment
CVE Program Container
Additional References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass
- http://www.securityfocus.com/bid/108837
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass
- http://www.securityfocus.com/bid/108837
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.