CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-0427

A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

http://www.securityfocus.com/bid/105106
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-dna-injection
http://www.securityfocus.com/bid/105106
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-dna-injection

Products affected by CVE-2018-0427

Cisco » Application Policy Infrastructure Controller Enterprise Module » Version: dnac1.1

cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:dnac1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-0427

Products

Pricing

Contact Us