SB2018081614 - Command execution in Cisco Digital Network Architecture Center

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018081614

SB2018081614 - Command execution in Cisco Digital Network Architecture Center

Published: August 16, 2018

Security Bulletin ID SB2018081614
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Command injection (CVE-ID: CVE-2018-0427)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The vulnerability exists in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center due to incorrect input validation of user-supplied data. A remote attacker can send a malicious packet to inject and execute arbitrary commands with root privileges.


Remediation

Install update from vendor's website.

References