Command injection in Cisco Digital Network Architecture Center - CVE-2018-0427
Published: August 15, 2018 / Updated: August 16, 2018
Vulnerability identifier: #VU14433
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0427
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Digital Network Architecture Center
Cisco Digital Network Architecture Center
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The vulnerability exists in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center due to incorrect input validation of user-supplied data. A remote attacker can send a malicious packet to inject and execute arbitrary commands with root privileges.
How to mitigate CVE-2018-0427
Install update from vendor's website.