Command injection in Cisco Data Center Network Manager - CVE-2018-0440

 


Published: September 6, 2018


Vulnerability identifier: #VU14671
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0440
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Data Center Network Manager

Detailed vulnerability description

The vulnerability allows a remote authenticated application administrator to execute arbitrary commands.

The vulnerability exists in the web interface of Cisco Data Center Network Manager due to incomplete validation of user input within an HTTP request. A remote attacker can authenticate to the application and then send a specially crafted HTTP request to issue commands on the underlying operating system as the root user.


How to mitigate CVE-2018-0440

Update to version 11.0(0.442)S0.
