Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability
CVE-2019-1841

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Digital Network Architecture Center (dna Center)
Vendor: CVE Published:; 18 April 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.

Affected Version(s)

Cisco Digital Network Architecture Center (DNA Center) < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108084

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Apr 18, 2019
Vulnerability Reserved
Dec 6, 2018