CVE-2018-0368

HIGH

Cisco Application Policy Infrastructu... - Information Disclosure

Title source: rule
STIX 2.1

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104729

Scores

CVSS v3 7.8
EPSS 0.0033
EPSS Percentile 25.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-200
Status published
Products (1)
cisco/application_policy_infrastructure_controller_enterprise_module 1.1_base
Published Jul 16, 2018
Tracked Since Feb 18, 2026