CVE-2018-0448

CRITICAL Year: 2018
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-326
View all →

Vulnerability Description

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.

Related Vulnerabilities

CVE-2011-4121

CRITICAL
CVSS:9.8(Critical)

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use th...

CWE-3262011

CVE-2013-2166

CRITICAL
CVSS:9.8(Critical)

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CWE-3262013

CVE-2013-7287

CRITICAL
CVSS:9.8(Critical)

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CWE-3262013

CVE-2014-9975

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

CWE-3262014

CVE-2015-0575

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

CWE-3262015

CVE-2016-5804

CRITICAL
CVSS:9.8(Critical)

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authen...

CWE-3262016