—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20180516-dna2

Revision: 1.0

For Public Release: 2018 May 16 16:00 GMT

Last Updated: 2018 May 16 16:00 GMT

CVE ID(s): CVE-2018-0271

CVSS Score v(3): 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services.

The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJa/FiJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczZroQAMgfuqM11MZYa54e9cnE28Z7IPe1
c4afYJHKSBLhsv16jtxqdJJmCFFR5JwK8I6afZmD7oMpJstB+cgkbCkfBKePVjsK
GrcXh4/hYEB8fLqex6+VYpIGvKxgGetFhwHO4U+dOv341lXV7pPL2YWGVRUiRYuS
4OH7GZUAz+NpehyxF6do03BDxG68vjRhK94l23n7JC6rjFzpBPcsFuBVh4x1HMyA
2wWomSyKpXhsiwo7YpTLFNhtZtfxAstd/HzXbF5Y//bBxmUxXKbB6XqZZlDP8TPH
Tad7JzlXSwvj0w0psUmojDe8xgA//Lm8y0NKM9EdM2NGXjD8TBR++pNDeyLrNLg+
oq00hzOLl24IKUiTZaEUiEG5RANCTZGyCyO6CjXseYCjFMKYG6LP6WphsP3L4oss
wOYgyzK5mnZifo8Wutc1muJDPPop0hRmvS4YuyHr8l0Ss8psvTWyI28Rxkah/Kzk
YIKo86K4Z9K9tbEa5bQ32zZefjYvO8/wJjL9yWyw/UTfg1NDPVAwsWsIfBxIQ+T9
kYADCSEyTUbCh5XS4wczry4xFRUCw5y1KITkKysYZhzvO8Uds9kIyezjZI1R4G0p
gtIe7kCKjNmgsv6km1xD//LAWbpY3sJnnOmMK5XKqTjIAU7zCm39nhttC48P29QY
uH7Gkfs96WoM0DUx
=SM6z
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com