CVE-2018-0346 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Vedge-1000 Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Vedge-1000 Firmware Cisco Vedge-100 Firmware Cisco Vedge-2000 Firmware +4 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software proces…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDcisco/vedge-100_firmware< 18.3.0

▶NVDcisco/vedge-1000_firmware< 18.3.0

▶NVDcisco/vedge-2000_firmware< 18.3.0

▶NVDcisco/vedge-5000_firmware< 18.3.0

▶NVDcisco/vedge_100b_firmware< 18.3.0

🔴Vulnerability Details

GHSA

GHSA-mgv5-gwhp-72c8: A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial↗2022-05-13

▶

CVEList

CVE-2018-0346: A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial↗2018-07-18

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability↗2018-07-18

▶