A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208.
History

Fri, 29 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-04-19T20:00:00

Updated: 2024-11-29T15:14:44.123Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0269

cve-icon Vulnrichment

Updated: 2024-08-05T03:21:15.269Z

cve-icon NVD

Status : Modified

Published: 2018-04-19T20:29:01.580

Modified: 2024-11-21T03:37:51.050

Link: CVE-2018-0269

cve-icon Redhat

No data.