Lucene search
K
CiscoDigital Network Architecture Center

11 matches found

CVE
CVE
added 2018/08/06 8:0 p.m.497 views

CVE-2018-5390

CVE-2018-5390 (SegmentSmack) affects Linux kernels 4.9+ where specially crafted TCP packets can trigger expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), potentially exhausting CPU and causing DoS. The Citrix advisory corroborates that TCP reassembly issues can lead to CPU sa...

7.8CVSS7.5AI score0.7354EPSS
CVE
CVE
added 2019/06/20 2:55 a.m.253 views

CVE-2019-1848

Cisco DNA Center (affected software) contains an authentication-bypass flaw due to insufficient access restriction on ports required for system operation. An unauthenticated, adjacent attacker could connect an unauthorized device to the cluster services subnet to reach internal services not harde...

9.3CVSS9.4AI score0.00729EPSS
CVE
CVE
added 2018/05/17 3:0 a.m.68 views

CVE-2018-0271

CVE-2018-0271 is a vulnerability in the API gateway of Cisco DNA Center. The issue stems from a failure to normalize URLs before servicing requests, enabling an unauthenticated, remote attacker to bypass authentication and gain unauthenticated access to critical services, with elevated privileges...

9.8CVSS9.7AI score0.02747EPSS
CVE
CVE
added 2020/07/02 4:20 a.m.61 views

CVE-2020-3391

Cisco DNA Center Information Disclosure (CVE-2020-3391): An authenticated remote attacker could view credentials stored insecurely, by accessing device configuration. Affected product: Cisco DNA Center. Root cause: insecure storage of unencrypted credentials. Impact: potential exposure of credent...

6.5CVSS6.3AI score0.01307EPSS
CVE
CVE
added 2018/04/19 8:0 p.m.58 views

CVE-2018-0269

Cisco DNA Center suffers an information-disclosure/unauthenticated-access risk due to an overly permissive CORS policy in its web framework, allowing a remote attacker to communicate with the Kong API server after deceiving a user with a malicious link. The issue is tied to DNA Center’s web API e...

4.3CVSS4.7AI score0.0132EPSS
CVE
CVE
added 2020/06/03 5:56 p.m.56 views

CVE-2020-3281

CVE-2020-3281 describes an information-disclosure vulnerability in the audit-logging component of Cisco DNA Center. The root cause is storage of certain credentials in unencrypted form, enabling an authenticated, remote attacker to obtain credentials from audit logs. As stated, exploitation could...

8.8CVSS5.5AI score0.01047EPSS
CVE
CVE
added 2018/05/17 3:0 a.m.53 views

CVE-2018-0222

CVE-2018-0222 affects Cisco DNA Center software prior to Release 1.1.3. The issue stems from undocumented, static credentials for the default administrative account, enabling an unauthenticated, remote attacker to log in and execute arbitrary commands with root privileges. Cisco’s advisory confir...

10CVSS9.7AI score0.0379EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.52 views

CVE-2018-15386

Cisco DNA Center is affected by CVE-2018-15386. The issue arises from an insecure default configuration that allows an unauthenticated, remote attacker to bypass authentication and gain direct, unauthorized access to critical management functions by connecting to exposed services. The exploit cou...

9.8CVSS9.7AI score0.03441EPSS
CVE
CVE
added 2018/05/17 3:0 a.m.51 views

CVE-2018-0268

CVE-2018-0268 concerns Cisco DNA Center’s container management subsystem, where an insecure default configuration of the Kubernetes subsystem could allow an unauthenticated, remote attacker to bypass authentication and execute commands with elevated privileges inside provisioned containers, poten...

10CVSS9.8AI score0.05398EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.50 views

CVE-2018-0448

Cisco DNA Center Identity Management service is affected in versions prior to 1.1.4. The issue stems from insufficient restrictions on critical management functions, allowing an unauthenticated, remote attacker to bypass authentication and take full control of identity management functions via a ...

9.8CVSS9.8AI score0.02139EPSS
CVE
CVE
added 2019/02/07 8:0 p.m.45 views

CVE-2019-1675

CVE-2019-1675 affects Cisco Aironet Active Sensor. The issue arises from a default local account with a static password that provides privileges only to reboot the device; an unauthenticated, remote attacker can guess the account name/password to access the CLI and reboot the sensor, potentially ...

7.8CVSS7.7AI score0.02589EPSS