11 matches found
CVE-2018-5390
CVE-2018-5390 (SegmentSmack) affects Linux kernels 4.9+ where specially crafted TCP packets can trigger expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), potentially exhausting CPU and causing DoS. The Citrix advisory corroborates that TCP reassembly issues can lead to CPU sa...
CVE-2019-1848
Cisco DNA Center (affected software) contains an authentication-bypass flaw due to insufficient access restriction on ports required for system operation. An unauthenticated, adjacent attacker could connect an unauthorized device to the cluster services subnet to reach internal services not harde...
CVE-2018-0271
CVE-2018-0271 is a vulnerability in the API gateway of Cisco DNA Center. The issue stems from a failure to normalize URLs before servicing requests, enabling an unauthenticated, remote attacker to bypass authentication and gain unauthenticated access to critical services, with elevated privileges...
CVE-2020-3391
Cisco DNA Center Information Disclosure (CVE-2020-3391): An authenticated remote attacker could view credentials stored insecurely, by accessing device configuration. Affected product: Cisco DNA Center. Root cause: insecure storage of unencrypted credentials. Impact: potential exposure of credent...
CVE-2018-0269
Cisco DNA Center suffers an information-disclosure/unauthenticated-access risk due to an overly permissive CORS policy in its web framework, allowing a remote attacker to communicate with the Kong API server after deceiving a user with a malicious link. The issue is tied to DNA Center’s web API e...
CVE-2020-3281
CVE-2020-3281 describes an information-disclosure vulnerability in the audit-logging component of Cisco DNA Center. The root cause is storage of certain credentials in unencrypted form, enabling an authenticated, remote attacker to obtain credentials from audit logs. As stated, exploitation could...
CVE-2018-0222
CVE-2018-0222 affects Cisco DNA Center software prior to Release 1.1.3. The issue stems from undocumented, static credentials for the default administrative account, enabling an unauthenticated, remote attacker to log in and execute arbitrary commands with root privileges. Cisco’s advisory confir...
CVE-2018-15386
Cisco DNA Center is affected by CVE-2018-15386. The issue arises from an insecure default configuration that allows an unauthenticated, remote attacker to bypass authentication and gain direct, unauthorized access to critical management functions by connecting to exposed services. The exploit cou...
CVE-2018-0268
CVE-2018-0268 concerns Cisco DNA Center’s container management subsystem, where an insecure default configuration of the Kubernetes subsystem could allow an unauthenticated, remote attacker to bypass authentication and execute commands with elevated privileges inside provisioned containers, poten...
CVE-2018-0448
Cisco DNA Center Identity Management service is affected in versions prior to 1.1.4. The issue stems from insufficient restrictions on critical management functions, allowing an unauthenticated, remote attacker to bypass authentication and take full control of identity management functions via a ...
CVE-2019-1675
CVE-2019-1675 affects Cisco Aironet Active Sensor. The issue arises from a default local account with a static password that provides privileges only to reboot the device; an unauthenticated, remote attacker can guess the account name/password to access the CLI and reboot the sensor, potentially ...