#VU12791 Privilege escalation (backdoor) in Cisco Digital Network Architecture Center - CVE-2018-0222

 

Published: May 17, 2018


Vulnerability identifier: #VU12791
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-0222
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco Digital Network Architecture Center
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.

The weakness exists due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use this backdoor account to log in to the system and execute arbitrary commands with root privileges.


Remediation

Update to version 1.1.3.
