A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-dna-injection | Vendor Advisory |
http://www.securityfocus.com/bid/105106 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-08-15 13:29
Updated : 2020-08-31 09:15
NVD link : CVE-2018-0427
Mitre link : CVE-2018-0427
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
cisco
- application_policy_infrastructure_controller_enterprise_module