CVE-2019-1848

CRITICAL Year: 2019
CVSS v3 Score
9.3
Critical
CVSS v2 Score
4.8
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.

Related Vulnerabilities

CVE-2018-4048

CRITICAL
CVSS:9.3(Critical)

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite execu...

CWE-6682018

CVE-2024-38368

CRITICAL
CVSS:9.3(Critical)

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods...

CWE-6682024

CVE-2007-3915

CRITICAL
CVSS:9.1(Critical)

Mondo 2.24 has insecure handling of temporary files.

CWE-6682007

CVE-2009-5042

CRITICAL
CVSS:9.1(Critical)

python-docutils allows insecure usage of temporary files

CWE-6682009

CVE-2017-5648

CRITICAL
CVSS:9.1(Critical)

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the...

CWE-6682017

CVE-2020-16263

CRITICAL
CVSS:9.1(Critical)

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.

CWE-6682020