CVE-2018-0269 - A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) c

CVE-2018-0269

Summary

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208.

References

Vulnerable Configurations

cpe:2.3:a:cisco:digital_network_architecture_center:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:digital_network_architecture_center:1.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 04-09-2020 - 18:29)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	103950
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1

Last major update

04-09-2020 - 18:29

Published

19-04-2018 - 20:29

Last modified

04-09-2020 - 18:29