CVE-2018-0448, CVE-2018-15386 in Cisco’s DNA Network Software, Patch Now

Two severe security vulnerabilities (CVE-2018-0448, CVE-2018-15386) affecting Cisco’s Digital Network Architecture (DNA) Center software have been just patched. The DNA Center interface is used by network admins to add new devices to the network and manage them based on enterprise policies. The center is part of Cisco’s toolkit for internet-based networking.

More about CVE-2018-15386

This vulnerability could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions, Cisco explained. As already mentioned the flaw is rated critical and has a Common Vulnerability Scoring System (CVSS) v 3.0 rating of 9.8 out of 10, a quite high rating.

The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

The company has issued software updates that address CVE-2018-0448. Note that there are no workarounds that address the flaw, meaning that admins need to update to the latest released as soon as possible.

More about CVE-2018-0448

This is a vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center. It affects all releases of Cisco DNA Center Software prior to Release 1.1.4. It could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions, Cisco said.

The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system.

In case of exploit, an attacker could be able to view and make unauthorized modifications to existing system users and also create new users.

Related Story: 3,500 Cisco Network Switches in Iran Hacked by JHT Hacking Group

The vulnerability has been addressed, with no possible workaround.

Fortunately, both vulnerabilities were unearthed during internal testing, and the company is not aware of any active exploits in the wild.

Both flaws were found during internal testing. Cisco is not aware of any exploits in the wild for the flaws.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share