CVE-2018-0343

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management4 documents4 sources

Severity

8.8HIGH

EPSS

1.6%

top 18.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Vedge-1000 Firmware Cisco Vedge-100 Firmware Cisco Vedge-2000 Firmware +4 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service throug…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDcisco/vedge-1000_firmware< 18.3.0

▶NVDcisco/vedge-2000_firmware< 18.3.0

▶NVDcisco/vedge-5000_firmware< 18.3.0

▶NVDcisco/vedge-100_firmware< 18.3.0

▶NVDcisco/vedge_100b_firmware< 18.3.0

🔴Vulnerability Details

GHSA

GHSA-3vvq-2whw-xv59: A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbi↗2022-05-13

▶

CVEList

CVE-2018-0343: A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbi↗2018-07-18

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Solution Remote Code Execution Vulnerability↗2018-07-18

▶