CVE-2018-0345 — Improper Input Validation in Cisco Vedge-1000 Firmware

CWE-20 — Improper Input Validation CWE-88 — Argument Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Vedge-1000 Firmware Cisco Vedge-100 Firmware Cisco Vedge-2000 Firmware +4 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom funct…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶NVDcisco/vedge-100_firmware< 18.3.0

▶NVDcisco/vedge-1000_firmware< 18.3.0

▶NVDcisco/vedge-2000_firmware< 18.3.0

▶NVDcisco/vedge-5000_firmware< 18.3.0

▶NVDcisco/vedge_100b_firmware< 18.3.0

🔴Vulnerability Details

GHSA

GHSA-6x3g-4r88-c5qh: A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arb↗2022-05-13

▶

CVEList

CVE-2018-0345: A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arb↗2018-07-18

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Solution Configuration and Management Database Remote Code Execution Vulnerability↗2018-07-18

▶