1. CVE-Search
  2. CVE-2019-1848
ID CVE-2019-1848
Summary A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1:-:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1:patch1:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1:patch1:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1:patch2:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1:patch2:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2.12:*:*:*:*:*:*:*
CVSS
Base: 4.8 (as of 09-10-2019 - 23:48)
Impact:
Exploitability:
CWE CWE-668
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:A/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 108837
cisco 20190619 Cisco DNA Center Authentication Bypass Vulnerability
Last major update 09-10-2019 - 23:48
Published 20-06-2019 - 03:15
Last modified 09-10-2019 - 23:48
Back to Top