Main Vulnerability Database SB2018042407

SB2018042407 - Configuration error in Cisco Application Deployment Engine

Published: April 24, 2018 Updated: April 24, 2018

Security Bulletin ID SB2018042407

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Configuration error (CVE-ID: CVE-2018-0275)

The vulnerability allows a local authenticated attacker to execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the support tunnel feature due to improper configuration. A local attacker can trick the device into unlocking the support user account and access the tunnel password and device serial number and run any system command with root privileges.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise