CVE-2018-0342

CWE-119 — Buffer Overflow4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.2%

top 53.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Vedge-1000 Firmware Cisco Vedge-100 Firmware Cisco Vedge-2000 Firmware +4 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening servic…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages8 packages

▶NVDcisco/vedge-1000_firmware< 18.3.0

▶NVDcisco/vedge-2000_firmware< 18.3.0

▶NVDcisco/vedge-5000_firmware< 18.3.0

▶NVDcisco/vedge-100_firmware< 18.3.0

▶NVDcisco/vedge_100b_firmware< 18.3.0

🔴Vulnerability Details

GHSA

GHSA-ggx4-p7x5-97cc: A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbit↗2022-05-13

▶

CVEList

CVE-2018-0342: A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbit↗2018-07-18

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Solution Local Buffer Overflow Vulnerability↗2018-07-18

▶