CVE-2018-0268

EPSS 10.1%
Veröffentlicht 17.05.2018 03:29:00
Zuletzt bearbeitet 21.11.2024 03:37:50
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Digital Network Architecture Center Version <= 1.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.1%	0.928

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

http://www.securityfocus.com/bid/104192

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0268

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0268

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0268

EUVD