—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20181003-dna-auth-bypass

Revision: 1.0

For Public Release: 2018 October 3 16:00 GMT

Last Updated: 2018 October 3 16:00 GMT

CVE ID(s): CVE-2018-0448

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions.

The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbtOqhXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz/LMQANNtZuC/Vs1EpccrbewX8XQlIKBg
GILmzSlKrhDEgMC97FavqiReTcfiWT8RNApUAuyS4h/k7lsv5i5XmWfbR7qEYITJ
4LQ3Hi+Cmv4Fp2Z9sOY+IvwipkNVHTvIuGnAXTsONyRxcnvCSqWYHh3WpY9V5TvN
mxS76mqb4sApCQXKNI5+ukFIQazzjkRw5d1GRm7ub/br6lykm2t39NG0IhvEEssa
2x5NsTj73qa2XqSdUru9sRUmUyTjKSYY3COCdOzHhO6BWA0X50V0T+6vMKCOxCqx
AuiFELAJBe8S2lDmFQrb/EyqGccoySB7d5oN3YYcq76DoLDPapYcWaWkGTRxPVrB
WDir0j3bn47dmfZZVl8YO9lZ8uxdGpATJvZa1PTRFkxLl9tw3cmy+lS5h6xthILq
mj2oFTsOUXlYU++HDAYXw04OuCokTzgcryh2pVcQMakB4uljswpim51Qa+sseIsu
xD7XABT2Djf4qCQBsSX+BnWiQS5+kUJaDtZOKPXIhRTZc1nHDJ8Zv6lX7tDl+kZ4
OY7e0y3QEH8prXhSzY8jrhgRdJQpKlnAg1trBP7PRkja/mcQHbqs2NCFTGt7xxqU
aYoQua3i81hICwWOjJAhB6Hmyqij92x0Jk9SS2RI84LjJGfpfs3FwBLFUwQbsgUe
pkkf0iXfSl7UejJn
=OZ8z
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com