Main Vulnerability Database Vulnerabilities #VU12791

Privilege escalation (backdoor) in Cisco Digital Network Architecture Center - CVE-2018-0222

Published: May 17, 2018

Vulnerability identifier: #VU12791

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-0222

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Digital Network Architecture Center

Detailed vulnerability description

The vulnerability allows a remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.

The weakness exist due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use a backdoor account to log into the system and execute arbitrary commands with root privileges.

How to mitigate CVE-2018-0222

Update to version 1.1.3.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac

Privilege escalation (backdoor) in Cisco Digital Network Architecture Center - CVE-2018-0222

Detailed vulnerability description

How to mitigate CVE-2018-0222

Sources

Please verify you're human