CVE-2019-1848

{"id": "CVE-2019-1848", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}]}, "published": "2019-06-20T03:15:11.917", "references": [{"url": "http://www.securityfocus.com/bid/108837", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/108837", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access."}, {"lang": "es", "value": "Una vulnerabilidad en Digital Network Architecture (DNA) Center de Cisco podr\u00eda permitir a un atacante adyacente no autenticado omitir la autenticaci\u00f3n y acceder a servicios internos cr\u00edticos. Una vulnerabilidad es debido a una restricci\u00f3n de acceso insuficiente a los puertos necesarios para la operaci\u00f3n del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad al conectar un dispositivo de red no autorizado a la subred designada para los servicios del cl\u00faster. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante alcanzar servicios internos que no est\u00e1n reforzados para el acceso externo."}], "lastModified": "2024-11-21T04:37:31.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D3E242-15FB-4F14-B6C6-F0B6746BE1A2", "versionEndExcluding": "1.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}