CVE-2018-0448 is a vulnerability in Cisco Digital Network Architecture Center
Published on October 5, 2018
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.
Weakness Type
Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Products Associated with CVE-2018-0448
Want to know whenever a new CVE is published for Cisco Digital Network Architecture Center? stack.watch will email you.
Affected Versions
Cisco Digital Network Architecture Center (DNA Center) Version n/a is affected by CVE-2018-0448Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.