CVE-2018-0434Improper Certificate Validation in Cisco Vedge 1000 Firmware

CWE-295Improper Certificate Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 68.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Vedge 1000 FirmwareCisco Vedge 100 FirmwareCisco Vedge 2000 Firmware+2 more
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt co

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages5 packages

🔴Vulnerability Details

2
GHSA
GHSA-6qq2-f6xc-778x: A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthoriz2022-05-13
CVEList
Cisco SD-WAN Solution Certificate Validation Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Certificate Validation Vulnerability2018-09-05
CVE-2018-0434 — Improper Certificate Validation | cvebase