Vulnerabilites related to cisco - vbond_orchestrator
cve-2018-0344
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:53
Severity ?
EPSS score ?
Summary
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104868 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.486Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", }, { name: "104868", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104868", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0344", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:38.029939Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:53:29.228Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-24T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", }, { name: "104868", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104868", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0344", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", }, { name: "104868", refsource: "BID", url: "http://www.securityfocus.com/bid/104868", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0344", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:53:29.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0351
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:51
Severity ?
EPSS score ?
Summary
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104860 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj", }, { name: "104860", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104860", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0351", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:30.842011Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:51:56.238Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj", }, { name: "104860", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104860", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj", }, { name: "104860", refsource: "BID", url: "http://www.securityfocus.com/bid/104860", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0351", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:51:56.238Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1648
Vulnerability from cvelistv5
Published
2019-01-24 15:00
Modified
2024-11-20 17:28
Severity ?
EPSS score ?
Summary
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/106719 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SD-WAN Solution |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:28.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190123 Cisco SD-WAN Solution Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal", }, { name: "106719", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106719", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1648", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:56:04.651892Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:28:37.180Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-23T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-264", description: "CWE-264", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-26T10:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190123 Cisco SD-WAN Solution Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal", }, { name: "106719", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106719", }, ], source: { advisory: "cisco-sa-20190123-sdwan-sol-escal", defect: [ [ "CSCvi69985", ], ], discovery: "INTERNAL", }, title: "Cisco SD-WAN Solution Privilege Escalation Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-01-23T16:00:00-0800", ID: "CVE-2019-1648", STATE: "PUBLIC", TITLE: "Cisco SD-WAN Solution Privilege Escalation Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.8", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-264", }, ], }, ], }, references: { reference_data: [ { name: "20190123 Cisco SD-WAN Solution Privilege Escalation Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal", }, { name: "106719", refsource: "BID", url: "http://www.securityfocus.com/bid/106719", }, ], }, source: { advisory: "cisco-sa-20190123-sdwan-sol-escal", defect: [ [ "CSCvi69985", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1648", datePublished: "2019-01-24T15:00:00Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:28:37.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0350
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:52
Severity ?
EPSS score ?
Summary
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104874 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104874", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104874", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0350", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:32.234981Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:52:06.737Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-25T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "104874", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104874", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0350", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "104874", refsource: "BID", url: "http://www.securityfocus.com/bid/104874", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0350", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:52:06.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0345
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:53
Severity ?
EPSS score ?
Summary
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104859 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104859", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104859", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0345", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:36.646505Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:53:18.176Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "104859", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104859", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0345", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "104859", refsource: "BID", url: "http://www.securityfocus.com/bid/104859", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0345", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:53:18.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0342
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:53
Severity ?
EPSS score ?
Summary
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104877 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.506Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104877", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104877", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0342", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:41.131224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:53:48.050Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-25T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "104877", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104877", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0342", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "104877", refsource: "BID", url: "http://www.securityfocus.com/bid/104877", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0342", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:53:48.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0347
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:52
Severity ?
EPSS score ?
Summary
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104862 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104862", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104862", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0347", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:35.325698Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:52:50.795Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "104862", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104862", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0347", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "104862", refsource: "BID", url: "http://www.securityfocus.com/bid/104862", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0347", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:52:50.795Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3379
Vulnerability from cvelistv5
Published
2020-07-16 17:21
Modified
2024-11-15 16:53
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SD-WAN Solution |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:30:58.020Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200715 Cisco SD-WAN Solution Software Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3379", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:27:14.185694Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T16:53:01.086Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-07-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-264", description: "CWE-264", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T17:21:50", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200715 Cisco SD-WAN Solution Software Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC", }, ], source: { advisory: "cisco-sa-vmpresc-SyzcS4kC", defect: [ [ "CSCvi69987", ], ], discovery: "INTERNAL", }, title: "Cisco SD-WAN Solution Software Privilege Escalation Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-07-15T16:00:00", ID: "CVE-2020-3379", STATE: "PUBLIC", TITLE: "Cisco SD-WAN Solution Software Privilege Escalation Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-264", }, ], }, ], }, references: { reference_data: [ { name: "20200715 Cisco SD-WAN Solution Software Privilege Escalation Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC", }, ], }, source: { advisory: "cisco-sa-vmpresc-SyzcS4kC", defect: [ [ "CSCvi69987", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3379", datePublished: "2020-07-16T17:21:51.004104Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T16:53:01.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0349
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:52
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104854 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo", }, { name: "104854", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104854", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0349", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:45:32.150987Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:52:14.944Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-20T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo", }, { name: "104854", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104854", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0349", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo", }, { name: "104854", refsource: "BID", url: "http://www.securityfocus.com/bid/104854", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0349", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:52:14.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0348
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:52
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104875 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.493Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104875", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104875", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0348", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:33.951225Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:52:29.808Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-25T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "104875", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104875", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0348", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "104875", refsource: "BID", url: "http://www.securityfocus.com/bid/104875", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0348", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:52:29.808Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1646
Vulnerability from cvelistv5
Published
2019-01-24 15:00
Modified
2024-11-20 17:28
Severity ?
EPSS score ?
Summary
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/106723 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SD-WAN Solution |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:28.433Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190123 Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal", }, { name: "106723", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106723", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1646", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:56:07.335389Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:28:59.001Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-23T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-264", description: "CWE-264", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-26T10:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190123 Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal", }, { name: "106723", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106723", }, ], source: { advisory: "cisco-sa-20190123-sdwan-escal", defect: [ [ "CSCvm25992", "CSCvm26016", "CSCvm26025", "CSCvm26033", "CSCvm26036", ], ], discovery: "INTERNAL", }, title: "Privilege Escalation Vulnerability in Cisco SD-WAN Solution", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-01-23T16:00:00-0800", ID: "CVE-2019-1646", STATE: "PUBLIC", TITLE: "Privilege Escalation Vulnerability in Cisco SD-WAN Solution", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "7.8", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-264", }, ], }, ], }, references: { reference_data: [ { name: "20190123 Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal", }, { name: "106723", refsource: "BID", url: "http://www.securityfocus.com/bid/106723", }, ], }, source: { advisory: "cisco-sa-20190123-sdwan-escal", defect: [ [ "CSCvm25992", "CSCvm26016", "CSCvm26025", "CSCvm26033", "CSCvm26036", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1646", datePublished: "2019-01-24T15:00:00Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:28:59.001Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0346
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:53
Severity ?
EPSS score ?
Summary
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104855 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos", }, { name: "104855", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104855", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0346", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:43:29.505142Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:53:08.946Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-20T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos", }, { name: "104855", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104855", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0346", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos", }, { name: "104855", refsource: "BID", url: "http://www.securityfocus.com/bid/104855", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0346", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:53:08.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0433
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:44
Severity ?
EPSS score ?
Summary
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105295 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SD-WAN Solution |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:09.813Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105295", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105295", }, { name: "20180905 Cisco SD-WAN Solution Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0433", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T18:51:43.238664Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T14:44:07.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-09-05T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-07T09:57:02", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "105295", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105295", }, { name: "20180905 Cisco SD-WAN Solution Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection", }, ], source: { advisory: "cisco-sa-20180905-sd-wan-injection", defect: [ [ "CSCvi69802", "CSCvi69903", ], ], discovery: "UNKNOWN", }, title: "Cisco SD-WAN Solution Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2018-09-05T16:00:00-0500", ID: "CVE-2018-0433", STATE: "PUBLIC", TITLE: "Cisco SD-WAN Solution Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.", }, ], }, impact: { cvss: { baseScore: "7.8", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "105295", refsource: "BID", url: "http://www.securityfocus.com/bid/105295", }, { name: "20180905 Cisco SD-WAN Solution Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection", }, ], }, source: { advisory: "cisco-sa-20180905-sd-wan-injection", defect: [ [ "CSCvi69802", "CSCvi69903", ], ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0433", datePublished: "2018-10-05T14:00:00Z", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-26T14:44:07.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0343
Vulnerability from cvelistv5
Published
2018-07-18 23:00
Modified
2024-11-29 14:53
Severity ?
EPSS score ?
Summary
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104861 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco SD-WAN Solution unknown |
Version: Cisco SD-WAN Solution unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex", }, { name: "104861", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104861", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0343", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:41:39.524741Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:53:39.262Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco SD-WAN Solution unknown", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex", }, { name: "104861", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104861", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0343", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution unknown", version: { version_data: [ { version_value: "Cisco SD-WAN Solution unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex", }, { name: "104861", refsource: "BID", url: "http://www.securityfocus.com/bid/104861", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0343", datePublished: "2018-07-18T23:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T14:53:39.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1650
Vulnerability from cvelistv5
Published
2019-01-24 15:00
Modified
2024-11-20 17:28
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106716 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SD-WAN Solution |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:28.362Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106716", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106716", }, { name: "20190123 Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1650", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:56:03.197418Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:28:27.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco SD-WAN Solution", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-23T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-25T10:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "106716", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106716", }, { name: "20190123 Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write", }, ], source: { advisory: "cisco-sa-20190123-sdwan-file-write", defect: [ [ "CSCvi69862", ], ], discovery: "INTERNAL", }, title: "Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-01-23T16:00:00-0800", ID: "CVE-2019-1650", STATE: "PUBLIC", TITLE: "Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco SD-WAN Solution", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "106716", refsource: "BID", url: "http://www.securityfocus.com/bid/106716", }, { name: "20190123 Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write", }, ], }, source: { advisory: "cisco-sa-20190123-sdwan-file-write", defect: [ [ "CSCvi69862", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1650", datePublished: "2019-01-24T15:00:00Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:28:27.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104862 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104862 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.", }, { lang: "es", value: "Una vulnerabilidad en el subsistema Zero Touch Provisioning (ZTP) de Cisco SD-WAN podría permitir que un atacante local autenticado inyecte comandos arbitrarios que se ejecutan con privilegios root. Esta vulnerabilidad se debe a una validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo y enviando entradas maliciosas al parámetro afectado. El atacante debe estar autenticado para acceder al parámetro afectado. Su explotación con éxito podría permitir que el atacante ejecute comandos con privilegios root. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers y vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.", }, ], id: "CVE-2018-0347", lastModified: "2024-11-21T03:38:01.850", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.493", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104862", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104854 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104854 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.", }, { lang: "es", value: "Una vulnerabilidad en Cisco SD-WAN Solution podría permitir que el atacante sobrescriba archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. Esta vulnerabilidad se debe a la validación de entradas incorrecta del comando de petición admin-tech en la interfaz de línea de comandos del software afectado. Un atacante podría explotar esta vulnerabilidad modificando el comando de petición admin-tech en la interfaz de línea de comandos de un dispositivo afectado. Si se explota esta vulnerabilidad con éxito, el atacante podría sobrescribir archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado y escalar sus privilegios a usuario root. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.", }, ], id: "CVE-2018-0349", lastModified: "2024-11-21T03:38:02.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.587", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104854", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104854", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-24 15:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/106723 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106723 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vedge_100_firmware | * | |
| cisco | vedge_100 | - | |
| cisco | vedge_1000_firmware | * | |
| cisco | vedge_1000 | - | |
| cisco | vedge_2000_firmware | * | |
| cisco | vedge_2000 | - | |
| cisco | vedge_5000_firmware | * | |
| cisco | vedge_5000 | - | |
| cisco | sd-wan | * | |
| cisco | vbond_orchestrator | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8569BEE0-3BDA-4349-9FAC-6ACE0A4E3C28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", matchCriteriaId: "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93A1525E-AB99-4217-8C31-1F040710B155", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F019975D-3A45-4522-9CB9-F4258C371DF6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50272035-AE86-4BD5-88FA-929157267BC8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", matchCriteriaId: "140AF13E-4463-478B-AA94-97406A80CB86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACE381F7-295F-4F05-84B0-3F07E099AD59", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1356861D-E6CA-4973-9597-629507E8C07E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", matchCriteriaId: "698D777B-1AB1-4A54-98EC-8948BF287DA9", versionEndExcluding: "18.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de línea de comandos (CLI) local de la solución Cisco SD-WAN podría permitir a un atacante local autenticado escalar privilegios y modificar los archivos de configuración de dispositivo. La vulnerabilidad existe porque las entradas del usuario no se sanean de manera correcta para determinados comandos en la CLI. Un atacante podría explotar esta vulnerabilidad enviando comandos manipulados a la CLI de un dispositivo afectado. Un exploit con éxito podría permitir que el atacante establezca una sesión interactiva con privilegios escalados. Posteriormente, el atacante podría utilizar dichos privilegios elevados para comprometer el dispositivo u obtener datos de configuración adicionales.", }, ], id: "CVE-2019-1646", lastModified: "2024-11-21T04:37:00.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-24T15:29:00.643", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106723", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106723", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104855 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104855 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.", }, { lang: "es", value: "Una vulnerabilidad en el el servicio Zero Touch Provisioning de Cisco SD-WAN Solution podría permitir que un atacante remoto sin autenticar provoque una denegación de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a comprobaciones de límites incorrectas para ciertos valores en los paquetes que se envían al servicio Zero Touch Provisioning del sistema afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes maliciosos al software afectado para procesarlos. Cuando el software procesa los paquetes, podría ocurrir una condición de desbordamiento de búfer y provocar que el dispositivo afectado se recargue. Su explotación con éxito podría permitir que el atacante provoque una denegación de servicio (DoS) temporal mientras se reinicia el dispositivo. Esta vulnerabilidad solo puede ser explotada por tráfico destinado a un dispositivo afectado. No puede ser explotada por tráfico que transita por un dispositivo. Esta vulnerabilidad afecta a los siguientes productos Cisco si ejecutan una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69914.", }, ], id: "CVE-2018-0346", lastModified: "2024-11-21T03:38:01.710", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.447", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104855", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-05 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/105295 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105295 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vedge_100_firmware | * | |
| cisco | vedge_100 | - | |
| cisco | vedge_1000_firmware | * | |
| cisco | vedge_1000 | - | |
| cisco | vedge_2000_firmware | * | |
| cisco | vedge_2000 | - | |
| cisco | vedge_5000_firmware | * | |
| cisco | vedge_5000 | - | |
| cisco | vbond_orchestrator | - | |
| cisco | vedge_cloud_router_platform | - | |
| cisco | vmanage_network_management_system | - | |
| cisco | vsmart_controller | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9DA7EC35-E407-451C-A74C-7E56D802B868", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", matchCriteriaId: "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA91A271-08ED-40C9-885B-D2F67BBF2B7E", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F019975D-3A45-4522-9CB9-F4258C371DF6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35386A93-1EBF-4347-B916-E915D574AF15", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", matchCriteriaId: "140AF13E-4463-478B-AA94-97406A80CB86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC8AC6B8-A07F-4E52-B2D0-F5EC3061060B", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1356861D-E6CA-4973-9597-629507E8C07E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge_cloud_router_platform:-:*:*:*:*:*:*:*", matchCriteriaId: "E8872C5F-974E-4678-80FA-7C3FEC6B533B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*", matchCriteriaId: "2D9794CD-0EE1-4203-A232-9365D4AEE837", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de línea de comandos (CLI) en Cisco SD-WAN Solution podría permitir que un atacante local autenticado inyecte comandos arbitrarios que se ejecutan con privilegios root. Esta vulnerabilidad se debe a una validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo y enviando una entrada manipulada a la utilidad CLI. El atacante debe estar autenticado para acceder a la utilidad CLI. Su explotación con éxito podría permitir que el atacante ejecute comandos con privilegios root.", }, ], id: "CVE-2018-0433", lastModified: "2024-11-21T03:38:13.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-05T14:29:01.607", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105295", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104859 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104859 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.", }, { lang: "es", value: "Una vulnerabilidad en la base de datos de configuración y gestión de Cisco SD-WAN Solution podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios con privilegios de usuario vmanage en el sistema de gestión de configuración de un sistema afectado. La vulnerabilidad se debe a una validación insuficiente de argumentos de comando que se pasan a la base de datos de configuración y gestión del software afectado. Un atacante podría explotar esta vulnerabilidad creando funciones personalizadas que contienen código malicioso y se ejecutan como el usuario vmanage del sistema de gestión de configuración. Su explotación con éxito podría permitir que el atacante ejecute comandos arbitrarios con privilegios de usuario vmanage en el sistema de gestión de configuración del sistema afectado. Esta vulnerabilidad afecta a los siguientes productos Cisco si ejecutan una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69937.", }, ], id: "CVE-2018-0345", lastModified: "2024-11-21T03:38:01.573", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.383", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104859", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104859", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-88", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104861 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104861 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.", }, { lang: "es", value: "Una vulnerabilidad en el servicio de configuración y gestión de Cisco SD-WAN Solution podría permitir que un atacante remoto autenticado ejecute código arbitrario con privilegios de usuario vmanage o provoque una condición de denegación de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a las restricciones de acceso insuficientes en la interfaz de gestión HTTP de la solución afectada. Un atacante podría explotar esta vulnerabilidad enviando una petición HTTP maliciosa al servicio de gestión afectado mediante un dispositivo autenticado. Su explotación con éxito podría permitir que el atacante ejecute código arbitrario con privilegios de usuario vmanage o detenga los servicios HTTP en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69976.", }, ], id: "CVE-2018-0343", lastModified: "2024-11-21T03:38:01.300", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.290", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104861", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104861", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-24 15:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/106719 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106719 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vedge_100_firmware | * | |
| cisco | vedge_100 | - | |
| cisco | vedge_1000_firmware | * | |
| cisco | vedge_1000 | - | |
| cisco | vedge_2000_firmware | * | |
| cisco | vedge_2000 | - | |
| cisco | vedge_5000_firmware | * | |
| cisco | vedge_5000 | - | |
| cisco | sd-wan | * | |
| cisco | vbond_orchestrator | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8569BEE0-3BDA-4349-9FAC-6ACE0A4E3C28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", matchCriteriaId: "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93A1525E-AB99-4217-8C31-1F040710B155", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F019975D-3A45-4522-9CB9-F4258C371DF6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50272035-AE86-4BD5-88FA-929157267BC8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", matchCriteriaId: "140AF13E-4463-478B-AA94-97406A80CB86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACE381F7-295F-4F05-84B0-3F07E099AD59", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1356861D-E6CA-4973-9597-629507E8C07E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", matchCriteriaId: "698D777B-1AB1-4A54-98EC-8948BF287DA9", versionEndExcluding: "18.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.", }, { lang: "es", value: "Una vulnerabilidad en la configuración del grupo de usuarios de la solución Cisco SD-WAN podría permitir a un atacante local autenticado obtener privilegios elevados en un dispositivo afectado. La vulnerabilidad se debe a un error a la hora de validar correctamente ciertos parámetros incluidos en la configuración \"group\". Un atacante podría explotar esta vulnerabilidad escribiendo un archivo manipulado en el directorio donde la configuración \"user group\" está ubicada en el sistema operativo subyacente. Un exploit exitoso podría permitir que el atacante obtenga privilegios de nivel root y obtenga el control total del dispositivo.", }, ], id: "CVE-2019-1648", lastModified: "2024-11-21T04:37:00.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-24T15:29:00.767", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106719", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106719", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104877 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104877 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.", }, { lang: "es", value: "Una vulnerabilidad en el servicio de configuración y monitorización de Cisco SD-WAN Solution podría permitir que un atacante local autenticado ejecute código arbitrario con privilegios root o provoque una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a comprobaciones de límites incompletas para los datos proporcionados por el servicio de configuración y monitorización de la solución afectada. Un atacante podría explotar esta vulnerabilidad mediante el envío de datos maliciosos al servicio en escucha de vDaemon en un dispositivo afectado. Su explotación con éxito podría permitir que el atacante provoque un desbordamiento de búfer en el dispositivo afectado que le permitiría ejecutar código arbitrario con privilegios root o provocar que el servicio en escucha de vDaemon se recargue y resulte en una condición de denegación de servicio (DoS). Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi70003.", }, ], id: "CVE-2018-0342", lastModified: "2024-11-21T03:38:01.167", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.243", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104877", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104874 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104874 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.", }, { lang: "es", value: "Una vulnerabilidad en la configuración del subsistema VPN de Cisco SD-WAN Solution podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios root. Esta vulnerabilidad se debe a una validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo y enviando entradas manipuladas al parámetro afectado en una página web. El atacante debe estar autenticado para acceder al parámetro afectado. Su explotación con éxito podría permitir que el atacante ejecute comandos con privilegios root. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.", }, ], id: "CVE-2018-0350", lastModified: "2024-11-21T03:38:02.270", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.633", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104874", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104874", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104868 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104868 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974.", }, { lang: "es", value: "Una vulnerabilidad en el panel de control vManage para el servicio de configuración y gestión de Cisco SD-WAN Solution podría permitir que un atacante remoto autenticado inyecte y ejecute comandos arbitrarios con privilegios de usuario vmanage en un sistema afectado. La vulnerabilidad se debe a una validación de entrada insuficiente de parámetros de datos para ciertos campos de la solución afectada. Un atacante podría explotar esta vulnerabilidad configurando un usuario malicioso en la página de inicio de sesión de la solución afectada. Su explotación con éxito podría permitir que el atacante inyecte y ejecute comandos arbitrarios con privilegios de usuario vmanage en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69974.", }, ], id: "CVE-2018-0344", lastModified: "2024-11-21T03:38:01.440", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.337", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104868", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | sd-wan_firmware | * | |
| cisco | vedge_100 | - | |
| cisco | vedge_1000 | - | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm | - | |
| cisco | vedge_2000 | - | |
| cisco | vedge_5000 | - | |
| cisco | vbond_orchestrator | - | |
| cisco | vsmart_controller | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "484C01EF-C2DE-43DB-8C3F-C2C013A182FE", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", matchCriteriaId: "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F019975D-3A45-4522-9CB9-F4258C371DF6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", matchCriteriaId: "140AF13E-4463-478B-AA94-97406A80CB86", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1356861D-E6CA-4973-9597-629507E8C07E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.", }, { lang: "es", value: "Una vulnerabilidad en Cisco SD-WAN Solution Software podría permitir a un atacante local autenticado elevar los privilegios a Administrator en el sistema operativo subyacente. La vulnerabilidad es debido a una comprobación de entrada insuficiente. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición diseñada hacia un sistema afectado. Una explotación con éxito podría permitir al atacante conseguir privilegios administrativos", }, ], id: "CVE-2020-3379", lastModified: "2024-11-21T05:30:54.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.4, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T18:15:18.690", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104860 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104860 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.", }, { lang: "es", value: "Una vulnerabilidad en la utilidad de línea de comandos tcpdump de Cisco SD-WAN Solution podría permitir que un atacante local autenticado inyecte comandos arbitrarios que se ejecutan con privilegios root. Esta vulnerabilidad se debe a una validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo y enviando entradas manipuladas a la utilidad tcpdump. El atacante debe estar autenticado para acceder a la utilidad tcpdump. Su explotación con éxito podría permitir que el atacante ejecute comandos con privilegios root. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69751.", }, ], id: "CVE-2018-0351", lastModified: "2024-11-21T03:38:02.407", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.680", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104860", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-18 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104875 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104875 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vbond_orchestrator | - | |
| cisco | vedge-plus | - | |
| cisco | vedge-pro | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - | |
| cisco | vedge-100_firmware | * | |
| cisco | vedge-100 | - | |
| cisco | vedge_100b_firmware | * | |
| cisco | vedge_100b | - | |
| cisco | vedge_100m_firmware | * | |
| cisco | vedge_100m | - | |
| cisco | vedge_100wm_firmware | * | |
| cisco | vedge_100wm | - | |
| cisco | vedge-1000_firmware | * | |
| cisco | vedge-1000 | - | |
| cisco | vedge-2000_firmware | * | |
| cisco | vedge-2000 | - | |
| cisco | vedge-5000_firmware | * | |
| cisco | vedge-5000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-plus:-:*:*:*:*:*:*:*", matchCriteriaId: "8828CED0-5B61-4BC9-B222-2295507E5FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vedge-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "937B8016-77E1-4F8C-8701-6AFFE36F6A49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07BDB466-E5FC-40FF-8400-836551AD4AE5", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", matchCriteriaId: "5D71E4AF-6E91-4493-A591-4D056D0E59C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "493ED5A7-3F08-4C2B-8259-F945088C42C4", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", matchCriteriaId: "0811E0B5-889E-451E-B754-A8FEE32BDFA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A89574B-5FA1-45D2-92F5-E6AE60B21AAC", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", matchCriteriaId: "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A124EBDB-1E4D-44FF-8647-342ACB7FC536", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", matchCriteriaId: "061A302C-8D35-4E80-93DA-916DA7E90C06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F33875D3-8A95-4201-B385-FA63CCDBE103", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F718A859-BCDB-4DD0-819D-60ABE710F0A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D486E57-9E41-4744-AB0C-56B706B6989C", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", matchCriteriaId: "52EEF288-492C-4CE6-A082-631005C5E711", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge-5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C78995CF-3005-496D-A168-F9EEF09EEF44", versionEndExcluding: "18.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", matchCriteriaId: "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de línea de comandos de Cisco SD-WAN podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios root. Esta vulnerabilidad se debe a una validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo y enviando entradas maliciosas al al comando load en el subsistema VPN. El atacante debe estar autenticado para acceder al parámetro de la interfaz de línea de comandos afectado. Su explotación con éxito podría permitir que el atacante ejecute comandos con privilegios root. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69866.", }, ], id: "CVE-2018-0348", lastModified: "2024-11-21T03:38:01.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-18T23:29:00.527", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104875", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-24 15:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/106716 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106716 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vedge_100_firmware | * | |
| cisco | vedge_100 | - | |
| cisco | vedge_1000_firmware | * | |
| cisco | vedge_1000 | - | |
| cisco | vedge_2000_firmware | * | |
| cisco | vedge_2000 | - | |
| cisco | vedge_5000_firmware | * | |
| cisco | vedge_5000 | - | |
| cisco | sd-wan | * | |
| cisco | vbond_orchestrator | - | |
| cisco | vmanage_network_management | - | |
| cisco | vsmart_controller | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8569BEE0-3BDA-4349-9FAC-6ACE0A4E3C28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", matchCriteriaId: "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93A1525E-AB99-4217-8C31-1F040710B155", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", matchCriteriaId: "F019975D-3A45-4522-9CB9-F4258C371DF6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50272035-AE86-4BD5-88FA-929157267BC8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", matchCriteriaId: "140AF13E-4463-478B-AA94-97406A80CB86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACE381F7-295F-4F05-84B0-3F07E099AD59", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1356861D-E6CA-4973-9597-629507E8C07E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", matchCriteriaId: "698D777B-1AB1-4A54-98EC-8948BF287DA9", versionEndExcluding: "18.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "BA648664-0734-4D02-8944-CA4DF4D756D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16884C-A2EE-4867-8806-6418E000078C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.", }, { lang: "es", value: "Una vulnerabilidad en la solución Cisco SD-WAN podría permitir a un atacante remoto autenticado sobrescribir archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. La vulnerabilidad se debe a una validación de entrada incorrecta del comando save en la interfaz de línea de comandos (CLI) del software afectado. Un atacante podría explotar esta vulnerabilidad modificando el comando save en la CLI de un dispositivo afectado. Si se explota esta vulnerabilidad con éxito, el atacante podría sobrescribir archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado y escalar sus privilegios a usuario root.", }, ], id: "CVE-2019-1650", lastModified: "2024-11-21T04:37:00.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-24T15:29:00.830", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106716", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }