CVE-2018-0268

CRITICAL

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.

Score CVSS v3.0

10.0

/ 10.0

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Informations

Publié: 17 mai 2018
Mis à jour: 21 nov. 2024
Statut: Modified
Source: psirt@cisco.com

Produits affectés

cisco digital network architecture center

Versions : 1.1.3

Faiblesses (CWE)

CWE-358CWE-358

Références (4)

http://www.securityfocus.com/bid/104192
Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna
Vendor Advisory
http://www.securityfocus.com/bid/104192
Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna
Vendor Advisory

CVEs similaires

Autres vulnérabilités de type CWE-358

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance