CVE-2018-0368
Summary
| CVE | CVE-2018-0368 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-16 17:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Application Policy Infrastructure Controller Enterprise Module | 1.1_base | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller Enterprise Module | 1.1_base | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Digital Network Architecture Center Credential Logging Information Disclosure Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.