A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote malicious user to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the malicious user to execute arbitrary CLI commands on devices managed by Cisco DNA Center.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco dna center |
And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc
Cisco this week emitted patches for four sets of critical-severity security holes in its products along with other fixes. The worst of the bugs can be exploited by sending specially crafted IP packets to a vulnerable installation, and overflowing a memory buffer to ultimately execute code as root on the machine, allowing the box to be completely commandeered. Another set of flaws can be abused by sending HTTP requests that trigger arbitrary command execution to again hijack the machine. You shou...