Main Vulnerability Database Vulnerabilities #VU14433

#VU14433 Command injection in Cisco Digital Network Architecture Center - CVE-2018-0427

Published: August 15, 2018 / Updated: August 16, 2018

Vulnerability identifier: #VU14433

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0427

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Digital Network Architecture Center

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The vulnerability exists in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center due to incorrect input validation of user-supplied data. A remote attacker can send a malicious packet to inject and execute arbitrary commands with root privileges.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-dna-injectio...