Unrated severityNVD Advisory· Published Jul 16, 2018· Updated Nov 29, 2024

CVE-2018-0368

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco DNA Center allows authenticated local attacker to access unprotected log files containing system credentials, leading to information disclosure.

Vulnerability

Cisco Digital Network Architecture (DNA) Center contains an information disclosure vulnerability due to insufficient security restrictions. An authenticated, local attacker can access unprotected log files that may contain sensitive information, including system credentials. This affects Cisco DNA Center; specific affected software releases are referenced in Cisco Bug ID CSCvi22400 [1].

Exploitation

An attacker must have local access to the affected system with valid authentication credentials. The exploitation involves simply accessing unprotected log files on the device. No additional complex steps or user interaction beyond authentication is required [1].

Impact

Successful exploitation allows the attacker to read sensitive log files that may include system credentials. This could lead to further compromise of the Cisco DNA Center and potentially the network it manages [1].

Mitigation

Cisco has released fixed software to address this vulnerability. There are no workarounds. Users should upgrade to a fixed release as indicated by the Cisco bug ID CSCvi22400. Consult the Cisco Security Advisory for details [1].

References

Cisco Security Advisory: Cisco Digital Network Architecture Center Credential Logging Information Disclosure Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./DNA Centerllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/104729mitrevdb-entryx_refsource_BID
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-dnac-idmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000