-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability
Advisory ID: cisco-sa-20180905-cdcnm-escalation
Revision: 1.0
For Public Release: 2018 September 5 16:00 GMT
Last Updated: 2018 September 5 16:00 GMT
CVE ID(s): CVE-2018-0440
CVSS Score v(3): 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges.
The vulnerability is due to incomplete validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com