CVE-2018-20053

Name of the Vulnerable Software and Affected Versions Cerner Connectivity Engine (CCE) version 4

Description An issue was discovered where the hostname, timezone, and NTP server configurations are vulnerable to command injection by sending a crafted configuration file over the network.

Recommendations For Cerner Connectivity Engine (CCE) version 4, consider restricting access to configuration files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using network-sent configuration files that could potentially be crafted to inject commands.