cnvd-2018-21254
Vulnerability from cnvd

Title: Cisco SD-WAN证书验证安全绕过漏洞

Description:

Cisco vEdge 100 Series Routers等都是美国思科(Cisco)公司的不同系列的路由器产品。SD-WAN Solution是运行在其中的一套网络扩展解决方案。

Cisco SD-WAN Solution 17.2.8之前版本和18.3.1之前版本中存在安全漏洞,该漏洞源于程序未能正确的验证证书。远程攻击者可通过向受影响的设备提交使用特制证书所签名的系统镜像利用该漏洞绕过证书检测,部署特制的系统镜像。

Severity:

Patch Name: Cisco SD-WAN证书验证安全绕过漏洞的补丁

Patch Description:

Cisco vEdge 100 Series Routers等都是美国思科(Cisco)公司的不同系列的路由器产品。SD-WAN Solution是运行在其中的一套网络扩展解决方案。

Cisco SD-WAN Solution 17.2.8之前版本和18.3.1之前版本中存在安全漏洞,该漏洞源于程序未能正确的验证证书。远程攻击者可通过向受影响的设备提交使用特制证书所签名的系统镜像利用该漏洞绕过证书检测,部署特制的系统镜像。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass

Impacted products
Name
['Cisco vBond Orchestrator Software', 'Cisco vManage Network Management Software', 'Cisco vSmart Controller Software', 'Cisco vEdge Cloud Router Platform', 'Cisco vEdge 5000 Series Routers', 'Cisco vEdge 2000 Series Routers', 'Cisco vEdge 100 Series Routers']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "105509"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-15387"
    }
  },
  "description": "Cisco vEdge 100 Series Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002SD-WAN Solution\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u7f51\u7edc\u6269\u5c55\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco SD-WAN Solution 17.2.8\u4e4b\u524d\u7248\u672c\u548c18.3.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u63d0\u4ea4\u4f7f\u7528\u7279\u5236\u8bc1\u4e66\u6240\u7b7e\u540d\u7684\u7cfb\u7edf\u955c\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bc1\u4e66\u68c0\u6d4b\uff0c\u90e8\u7f72\u7279\u5236\u7684\u7cfb\u7edf\u955c\u50cf\u3002",
  "discovererName": "Joe Ksiazek",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21254",
  "openTime": "2018-10-18",
  "patchDescription": "Cisco vEdge 100 Series Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002SD-WAN Solution\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u7f51\u7edc\u6269\u5c55\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco SD-WAN Solution 17.2.8\u4e4b\u524d\u7248\u672c\u548c18.3.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u63d0\u4ea4\u4f7f\u7528\u7279\u5236\u8bc1\u4e66\u6240\u7b7e\u540d\u7684\u7cfb\u7edf\u955c\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bc1\u4e66\u68c0\u6d4b\uff0c\u90e8\u7f72\u7279\u5236\u7684\u7cfb\u7edf\u955c\u50cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco SD-WAN\u8bc1\u4e66\u9a8c\u8bc1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco vBond Orchestrator Software",
      "Cisco vManage Network Management Software",
      "Cisco vSmart Controller Software",
      "Cisco vEdge Cloud Router Platform",
      "Cisco vEdge 5000 Series Routers",
      "Cisco vEdge 2000 Series Routers",
      "Cisco vEdge 100 Series Routers"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-09",
  "title": "Cisco SD-WAN\u8bc1\u4e66\u9a8c\u8bc1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.