CVE-2018-0271

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software Releases prior to 1.1.2

Description: A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The issue is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this by submitting a crafted URL, potentially gaining unauthenticated access to critical services and resulting in elevated privileges in DNA Center.

Recommendations: For Cisco DNA Center Software Releases prior to 1.1.2, update to a version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the API gateway to minimize the risk of exploitation.