CVE-2018-0454
Summary
| CVE | CVE-2018-0454 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-05 14:29:00 UTC |
| Updated | 2019-10-09 23:32:00 UTC |
| Description | A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Cloud Services Platform 2100 | - | All | All | All |
| Hardware | Cisco | Cloud Services Platform 2100 | - | All | All | All |
| Operating System | Cisco | Cloud Services Platform 2100 Firmware | 2.2(4) | All | All | All |
| Operating System | Cisco | Cloud Services Platform 2100 Firmware | 2.2\(4\) | All | All | All |
| Operating System | Cisco | Cloud Services Platform 2100 Firmware | 2.2\(4\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Cloud Services Platform 2100 Input Validation Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco Cloud Services Platform 2100 Command Injection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.