Main Vulnerability Database Vulnerabilities #VU13935

#VU13935 Improper input validation in Cisco SD-WAN - CVE-2018-0343

Published: July 20, 2018

Vulnerability identifier: #VU13935

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-0343

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco SD-WAN

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists in the configuration and management service of the Cisco SD-WAN Solution due to insufficient access restrictions to the HTTP management interface. A remote authenticated attacker can send a malicious HTTP request to the affected management service through an authenticated device and stop HTTP services or execute arbitrary code with vmanage user privileges.

Remediation

Update to version 18.3.0.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-...

#VU13935 Improper input validation in Cisco SD-WAN - CVE-2018-0343

Description

Remediation

External links

Please verify you're human