SB2018090606 - Multiple vulnerabilities in Cisco SD-WAN Solution
Published: September 6, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Man-in-the-middle attack (CVE-ID: CVE-2018-0434)
CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct man-in-the-middle attack.
The vulnerability exists in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution due to insufficient certificate validation. A remote attacker can supply a specially crafted certificate, conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
2) Command injection (CVE-ID: CVE-2018-0433)
CWE-ID: CWE-77 - Command injection
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary commands.
The vulnerability exists in the command-line interface (CLI) in the Cisco SD-WAN Solution due to insufficient input validation. A local attacker can submit specially crafted input to the CLI utility to inject and execute commands with root privileges.
3) Privilege escalation (CVE-ID: CVE-2018-0432)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to gain elevated privileges.
The vulnerability exists in the error reporting feature of the Cisco SD-WAN Solution due to improper validation of certain parameters included within the error reporting application configuration. A remote attacker can send a specially crafted command to the error reporting feature, gain root-level privileges and take full control of the device.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-valid...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation