CVE-2018-0344: Command Injection in Cisco Vedge-1000 Firmware

CWE-77: Command Injection | 4 documents | 4 sources
Severity: 7.2 HIGH (NVD)
EPSS: 0.4% (top 42.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 18 | Latest update May 13

Description

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 7 packages

🔴 Vulnerability Details (2)

GHSA | GHSA-96g6-9542-jj7h: A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remot | 2022-05-13
CVEList | CVE-2018-0344: A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remot | 2018-07-18

📋 Vendor Advisories (1)

Cisco | Cisco SD-WAN Solution Command Injection Vulnerability | 2018-07-18