Multiple vulnerabilities in Cisco SD-WAN

Published: 2018-07-20
Risk: High
Patch available: YES
Number of vulnerabilities: 10
CVE-ID: CVE-2018-0342, CVE-2018-0344, CVE-2018-0343, CVE-2018-0347, CVE-2018-0350, CVE-2018-0348, CVE-2018-0351, CVE-2018-0345, CVE-2018-0346, CVE-2018-0349
CWE-ID: CWE-120, CWE-77, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco SD-WAN
Client/Desktop applications / Virtualization software

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU13933

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0342

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the configuration and monitoring service of the Cisco SD-WAN Solution due to a buffer overflow when handling user-supplied input. A local attacker can send malicious data to the vDaemon listening service, trigger memory corruption and cause the vDaemon listening service to reload or execute arbitrary code with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to log in to the system and send malicious data to the vDaemon listening service.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command injection

EUVDB-ID: #VU13934

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0344

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The vulnerability exists in the vManage dashboard of the configuration and management service of the Cisco SD-WAN Solution due to insufficient validation of data supplied to certain fields. A remote authenticated attacker can configure a malicious username on the login page to inject and execute arbitrary commands with the privileges of the vmanage user.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-i...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to authenticate to vManage and configure a malicious username on the login page.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU13935

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0343

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code on the target system.

The vulnerability exists in the configuration and management service of the Cisco SD-WAN Solution due to insufficient access restrictions on the HTTP management interface. A remote authenticated attacker can send a malicious HTTP request to the affected management service through an authenticated device to stop the HTTP service or execute arbitrary code with the privileges of the vmanage user.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a malicious HTTP request to the management service through an authenticated device.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Command injection

EUVDB-ID: #VU13936

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0347

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary commands on the target system.

The vulnerability exists in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution due to insufficient input validation. A local attacker can submit malicious input to the affected parameter to inject and execute arbitrary commands with root privileges.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to log in to the system and submit malicious input to the affected ZTP parameter.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command injection

EUVDB-ID: #VU13937

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0350

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary commands on the target system.

The vulnerability exists in the VPN subsystem configuration of the Cisco SD-WAN Solution due to insufficient input validation. A local attacker can submit malicious input to the affected parameter to inject and execute arbitrary commands with root privileges.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to log in to the system and submit malicious input to the affected VPN configuration parameter.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command injection

EUVDB-ID: #VU13938

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0348

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The vulnerability exists in the CLI of the Cisco SD-WAN Solution due to insufficient input validation. A remote authenticated attacker can submit malicious input to the load command within the VPN subsystem to inject and execute arbitrary commands with root privileges.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjc...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to authenticate to the CLI and submit malicious input to the load command within the VPN subsystem.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Command injection

EUVDB-ID: #VU13939

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0351

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary commands on the target system.

The vulnerability exists in the command-line tcpdump utility of the Cisco SD-WAN Solution due to insufficient input validation. A local attacker can submit malicious input to the tcpdump utility to inject and execute arbitrary commands with root privileges.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to log in to the system and submit malicious input to the tcpdump utility.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
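Items 4 to 7 above describe one class of defect: an operator-controlled CLI field reaches a root-privileged helper without validation. The Python example below is added here and is not Cisco code; it does not reproduce any SD-WAN component. It uses a hypothetical tcpdump wrapper (the wrapper, its allowlists and the sample inputs are all assumptions) to put the unsafe shell-string pattern beside a hardened version that validates each field and executes an argv vector without a shell.

```python
import re
import shlex
import subprocess
from typing import List

# Constructed example for this bulletin; not Cisco code. A hypothetical
# packet-capture helper that runs as root takes two operator-typed fields,
# an interface name and a BPF filter. The allowlists below are assumptions.

# Interface names: alphanumerics plus the separators seen in common
# naming schemes (e.g. eth0, ge0/0, vlan.10).
INTERFACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_./:-]{0,14}$")
# Filter tokens an operator may use: lowercase BPF keywords, port numbers,
# and dotted IPv4 addresses with an optional prefix length.
FILTER_TOKEN_RE = re.compile(
    r"^(?:[a-z]+|\d{1,5}|(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?)$"
)


def build_vulnerable(interface: str, bpf_filter: str) -> str:
    """Unsafe: one string destined for /bin/sh (os.system or shell=True).
    Shell metacharacters in either field are honoured, so an interface of
    'eth0; id' or a filter of 'tcp $(id)' runs a second command with the
    helper's uid, which for this kind of helper is root."""
    return f"tcpdump -n -i {interface} -c 10 {bpf_filter}"


def build_hardened(interface: str, bpf_filter: str) -> List[str]:
    """Safe: validate every field against an allowlist and return an argv
    vector. With no shell there is nothing to interpret metacharacters, and
    the allowlist rejects anything that is not a filter token, so both
    layers would have to fail before injection is possible."""
    if not INTERFACE_RE.fullmatch(interface):
        raise ValueError(f"interface name rejected: {interface!r}")
    # shlex.split only tokenises; it never evaluates $(...) or backticks.
    # An unterminated quote makes it raise ValueError, which is also a reject.
    tokens = shlex.split(bpf_filter)
    for tok in tokens:
        if not FILTER_TOKEN_RE.fullmatch(tok):
            raise ValueError(f"filter token rejected: {tok!r}")
    # "--" ends option parsing, so a token can never be read as a tcpdump flag.
    return ["tcpdump", "-n", "-i", interface, "-c", "10", "--", *tokens]


def run_hardened(interface: str, bpf_filter: str) -> int:
    """Runs the validated argv with no shell and returns the exit status."""
    argv = build_hardened(interface, bpf_filter)
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    benign = ("eth0", "tcp port 80")
    hostile = ("eth0", "tcp port 80; id")   # constructed injection attempt
    print("vulnerable string:", build_vulnerable(*hostile))
    print("hardened argv:    ", build_hardened(*benign))
    try:
        build_hardened(*hostile)
    except ValueError as err:
        print("hardened rejects: ", err)
```

The `--` is not decoration: without it a validated-looking token such as `-z` would be parsed by tcpdump as an option, and tcpdump's `-z` runs an external command on file rotation, which is a second injection path that the shell-free argv alone does not close.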

8) Command injection

EUVDB-ID: #VU13940

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0345

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The vulnerability exists in the configuration and management service of the Cisco SD-WAN Solution due to insufficient validation of command arguments passed to the configuration and management database. A remote authenticated attacker can create custom functions that contain malicious code and have the configuration management system execute arbitrary commands with the privileges of the vmanage user.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to authenticate and create custom functions containing malicious code in the configuration and management database.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU13941

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0346

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists in the Zero Touch Provisioning service of the Cisco SD-WAN Solution due to a buffer overflow when handling certain values in packets sent to the service. A remote unauthenticated attacker can send malicious packets to the affected software, trigger memory corruption and cause the affected device to reload.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send malicious packets to the Zero Touch Provisioning service. No authentication or user interaction is required.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Privilege escalation

EUVDB-ID: #VU13942

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0349

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the Cisco SD-WAN Solution due to improper input validation of the request admin-tech command in the CLI. A remote authenticated attacker can issue a modified request admin-tech command to overwrite arbitrary files on the underlying operating system and gain root privileges.

Mitigation

Update to version 18.3.0.

Vulnerable software versions

Cisco SD-WAN: before 18.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to authenticate to the CLI and issue a modified request admin-tech command.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
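Item 10 reports that a modified request admin-tech command could overwrite arbitrary files with root privileges. The Python example below is added here and is not Cisco code; the diagnostic-bundle writer, its output directory and its filename pattern are hypothetical stand-ins. It shows how an unchecked operator-supplied output name escapes its directory, and the checks a root-privileged writer needs before it creates the file.

```python
import os
import re

# Constructed example for this bulletin; not Cisco code. A hypothetical
# diagnostic-bundle writer running as root accepts an operator-supplied
# filename. The directory and filename pattern below are assumptions.

ADMIN_TECH_DIR = "/var/tmp/admin-tech"   # hypothetical output directory
FILENAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.tar\.gz")


def output_path_vulnerable(filename: str) -> str:
    """Unsafe: the operator-supplied name is joined blindly. os.path.join
    discards the base entirely when the name is absolute and keeps '..'
    components, so '/etc/shadow' and '../../etc/passwd' both leave the
    directory; a root-owned writer then truncates or replaces that file."""
    return os.path.join(ADMIN_TECH_DIR, filename)


def output_path_hardened(filename: str, base_dir: str = ADMIN_TECH_DIR) -> str:
    """Safe: three independent checks. The pattern forbids separators and
    leading dots; realpath resolves any symlink already planted in the
    directory; commonpath confirms the resolved target is still inside it."""
    if not FILENAME_RE.fullmatch(filename):
        raise ValueError(f"filename rejected: {filename!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"resolved path escapes {base}: {target}")
    return target


def write_bundle(filename: str, data: bytes, base_dir: str = ADMIN_TECH_DIR) -> str:
    """Creates the bundle with O_EXCL so an existing file, or a symlink
    planted at that name between the check and the open, is never followed
    or overwritten. Returns the path written."""
    target = output_path_hardened(filename, base_dir)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    for name in ["vedge-1.tar.gz", "/etc/shadow", "../../etc/passwd"]:   # constructed inputs
        print("vulnerable:", output_path_vulnerable(name))
        try:
            print("hardened:  ", output_path_hardened(name))
        except ValueError as err:
            print("hardened:   rejected,", err)
```

The realpath and commonpath step matters even though the pattern already excludes `/` and `..`: the check is against the resolved path, so a symlink an attacker managed to create inside the output directory is caught, and O_EXCL closes the remaining window between that check and the open.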


