CVE-2018-0268
Description
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco DNA Center containers can be accessed without authentication via the Kubernetes API, granting full control to a remote attacker.
Vulnerability
CVE-2018-0268 is an insecure default configuration in the container management subsystem of Cisco Digital Network Architecture (DNA) Center that allows unauthenticated, remote access to the Kubernetes management interface. The vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior [1]. The Kubernetes container management service is exposed without authentication, enabling an attacker to connect to the Kubernetes API port and issue commands [1].
Exploitation
An unauthenticated attacker with network access to the Kubernetes API port (typically TCP 6443 or 443) can connect to the exposed Kubernetes service and execute arbitrary commands inside provisioned containers. No valid credentials or prior access to the DNA Center web interface are required. The attacker simply sends API requests to the Kubernetes endpoint to list, create, or modify containers and resources [1].
Impact
Successful exploitation grants the attacker elevated privileges within the Kubernetes environment, allowing full compromise of affected containers. This includes the ability to execute arbitrary commands, access sensitive data, and potentially pivot to other systems managed by the Kubernetes cluster. The impact is a complete breach of container confidentiality, integrity, and availability [1].
Mitigation
Cisco released fixed software updates for DNA Center to address this vulnerability. Customers should upgrade to a patched version as specified in the Cisco Security Advisory [1]. No effective workaround is available beyond restricting network access to the Kubernetes API port via firewalls or access control lists. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the time of writing [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.1.3
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/104192 (mitre: vdb-entry, x_refsource_BID)
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna (mitre: x_refsource_CONFIRM)