Configuration error in Cisco Application Deployment Engine - CVE-2018-0275


Published: April 20, 2018


Vulnerability identifier: #VU12069
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0275
CWE-ID: CWE-16
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Application Deployment Engine

Detailed vulnerability description

The vulnerability allows a local authenticated attacker to execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the support tunnel feature due to improper configuration. A local attacker can trick the device into unlocking the support user account, access the tunnel password and device serial number, and run any system command with root privileges.


How to mitigate CVE-2018-0275

Install the update from the vendor's website.

Sources