QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-0269

Back to search

CVE-2018-0269

Published: Apr 19, 2018

Modified: Nov 29, 2024

PUBLISHED

Description

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208.

VendorProductVersions

n/a

Cisco DNA Center

affected
Cisco DNA Center

Weaknesses (CWE)

CWE-200

References

103950
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now