CVE-2018-0099

Name of the Vulnerable Software and Affected Versions: Cisco D9800 Network Transport Receiver (affected versions not specified)

Description: A vulnerability in the web management GUI could allow an authenticated, remote attacker to perform a command injection attack due to insufficient input validation of GUI command arguments. An attacker could exploit this by injecting crafted arguments into a vulnerable GUI command, potentially executing commands on the underlying BusyBox operating system at the privilege level of the authenticated user. The attacker needs valid device credentials for this attack.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.