Описание
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.
Уязвимость компонента Software Image Management службы управления идентификацией системы управления сетью Cisco Digital Network Architecture Center, позволяющая нарушителю получить доступ к внутренним службам
EPSS
6.5 Medium
CVSS3
8.1 High
CVSS3
5.5 Medium
CVSS2