Main Vulnerability Database Vulnerabilities #VU14671

#VU14671 Command injection in Cisco Data Center Network Manager - CVE-2018-0440

Published: September 6, 2018

Vulnerability identifier: #VU14671

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0440

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Data Center Network Manager

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote authenticated application administrator to execute commands to execute arbitrary commands.

The vulnerability exists in the web interface of Cisco Data Center Network Manager due to incomplete input validation of user input within an HTTP request. A remote attacker can authenticate to the application and then send a specially crafted HTTP request to issue commands on the underlying operating system as the root user.

Remediation

Update to version 11.0(0.442)S0.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation