Multiple vulnerabilities in Cisco SD-WAN Solution
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-0434 CVE-2018-0433 CVE-2018-0432 |
| CWE-ID | CWE-300 CWE-295 CWE-77 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco SD-WAN Client/Desktop applications / Virtualization software |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Man-in-the-middle attack
EUVDB-ID: #VU14644
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0434
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct man-in-the-middle attack.
The vulnerability exists in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution due to insufficient certificate validation. A remote attacker can supply a specially crafted certificate, conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
MitigationUpdate to version 18.3.0.
Vulnerable software versionsCisco SD-WAN: 18.2.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Command injection
EUVDB-ID: #VU14649
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0433
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary commands.
The vulnerability exists in the command-line interface (CLI) in the Cisco SD-WAN Solution due to insufficient input validation. A local attacker can submit specially crafted input to the CLI utility to inject and execute commands with root privileges.
MitigationUpdate to version 18.3.0.
Vulnerable software versionsCisco SD-WAN: 18.2.0
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU14654
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0432
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges.
The vulnerability exists in the error reporting feature of the Cisco SD-WAN Solution due to improper validation of certain parameters included within the error reporting application configuration. A remote attacker can send a specially crafted command to the error reporting feature, gain root-level privileges and take full control of the device.
MitigationUpdate to version 18.3.0.
Vulnerable software versionsCisco SD-WAN: 18.2.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
