Main Vulnerability Database Vulnerabilities #VU13933

#VU13933 Buffer overflow in Cisco SD-WAN - CVE-2018-0342

Published: July 18, 2018 / Updated: July 20, 2018

Vulnerability identifier: #VU13933

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0342

CWE-ID: CWE-120

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco SD-WAN

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the configuration and monitoring service of the Cisco SD-WAN Solution due to buffer overflow when handling user-supplied input. A local attacker can send malicious data to the vDaemon listening service, trigger memory corruption and cause the vDaemon listening service to reload or execute arbitrary code with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 18.3.0.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo

#VU13933 Buffer overflow in Cisco SD-WAN - CVE-2018-0342

Description

Remediation

External links

Please verify you're human