CVE-2018-0222
Description
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco DNA Center before 1.1.3 contains undocumented static user credentials for the default administrative account, allowing unauthenticated remote attackers to gain root access.
Vulnerability
Cisco Digital Network Architecture (DNA) Center software prior to release 1.1.3 contains undocumented, static user credentials for the default administrative account. This vulnerability allows an unauthenticated, remote attacker to log in using these credentials. The issue is identified by Cisco Bug ID CSCvh98929 [1].
Exploitation
An attacker can exploit this vulnerability by simply using the default administrative account credentials to log in to an affected Cisco DNA Center system. No authentication or prior access is required. The attacker can connect to the system over the network and attempt login using the known static credentials [1].
Impact
Successful exploitation allows the attacker to log in with root privileges and execute arbitrary commands on the affected system, leading to full compromise of the Cisco DNA Center [1].
Mitigation
Cisco has released free software updates to address this vulnerability. Users should upgrade to Cisco DNA Center release 1.1.3 or later. No workarounds are available. Customers can obtain the fixed software from Cisco as described in the advisory [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.1.3
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/104193 (mitre; vdb-entry, x_refsource_BID)
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac (mitre; x_refsource_CONFIRM)