CVE-2018-0222

Name: CVE-2018-0222
Creator: NVD / NIST
Published: 2018-05-17T03:29:00.217+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.79%

Last modified Jun 17, 2026

CVE-2018-0222 is a vulnerability of currently unknown severity. A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. EPSS estimates a 3.79% chance of exploitation in the next 30 days.

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929.

Metrics

EPSS Probability

3.79%

88.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Digital Network Architecture Center	< 1.1.3

References

http://www.securityfocus.com/bid/104193Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnacVendor Advisory
http://www.securityfocus.com/bid/104193Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnacVendor Advisory

Timeline

Published: May 17, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-0222?

How severe is CVE-2018-0222?

Severity scoring for CVE-2018-0222 is pending analysis. The EPSS model estimates a 3.79% probability of exploitation in the next 30 days.

How do I fix CVE-2018-0222?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0222?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST