Cisco DNA Center Authentication Bypass Vulnerability
CVE-2019-1848

9.3CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Digital Network Architecture Center (dna Center)
Vendor: CVE Published:; 20 June 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.

Affected Version(s)

Cisco Digital Network Architecture Center (DNA Center) < 1.3

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108837

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jun 20, 2019
Vulnerability Reserved
Dec 6, 2018