CVE-2018-0440 — Improper Input Validation in Cisco Data Center Network Manager

CWE-264 CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authen…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/data_center_network_manager< 11.0\(1\)

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

GHSA

GHSA-7m6x-r79m-jgqx: A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands o↗2022-05-13

▶

CVEList

Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability↗2018-09-05

▶