SB2018090606 - Multiple vulnerabilities in Cisco SD-WAN Solution
Published: September 6, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Man-in-the-middle attack (CVE-ID: CVE-2018-0434)
The vulnerability allows a remote attacker to conduct man-in-the-middle attack.
The vulnerability exists in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution due to insufficient certificate validation. A remote attacker can supply a specially crafted certificate, conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
2) Command injection (CVE-ID: CVE-2018-0433)
The vulnerability allows a local attacker to execute arbitrary commands.
The vulnerability exists in the command-line interface (CLI) in the Cisco SD-WAN Solution due to insufficient input validation. A local attacker can submit specially crafted input to the CLI utility to inject and execute commands with root privileges.
3) Privilege escalation (CVE-ID: CVE-2018-0432)
The vulnerability allows a remote authenticated attacker to gain elevated privileges.
The vulnerability exists in the error reporting feature of the Cisco SD-WAN Solution due to improper validation of certain parameters included within the error reporting application configuration. A remote attacker can send a specially crafted command to the error reporting feature, gain root-level privileges and take full control of the device.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-valid...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation