SB2018081614 - Command execution in Cisco Digital Network Architecture Center
Published: August 16, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Command injection (CVE-ID: CVE-2018-0427)
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The vulnerability exists in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center due to incorrect validation of user-supplied input. A remote authenticated attacker can send a malicious packet to inject and execute arbitrary commands with root privileges.
Remediation
Install the update from the vendor's website.