CVE-2019-1841

MEDIUM

Cisco DNA Center - Auth Bypass

Title source: llm

Description

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.

References (2)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108084

Scores

CVSS v3 6.5

EPSS 0.0115

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-441 CWE-20

Status published

Products (1)

cisco/catalyst_center < 1.2.5

Published Apr 18, 2019

Tracked Since Feb 18, 2026