First published: Fri Oct 05 2018(Updated: )
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Vedge 100 Firmware | <18.3.0 | |
Cisco Vedge 100 | ||
Cisco Vedge 1000 Firmware | <18.3.0 | |
Cisco Vedge 1000 | ||
Cisco Vedge 2000 Firmware | <18.3.0 | |
Cisco Vedge 2000 | ||
Cisco Vedge 5000 Firmware | <18.3.0 | |
Cisco Vedge 5000 | ||
Cisco Vmanage Network Management System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0432 is a vulnerability in the error reporting feature of the Cisco SD-WAN Solution that could allow an authenticated, remote attacker to gain elevated privileges on an affected device.
CVE-2018-0432 has a severity rating of 8.8, which is classified as critical.
CVE-2018-0432 affects the Cisco Vedge 100, Cisco Vedge 1000, Cisco Vedge 2000, and Cisco Vedge 5000 firmware versions up to and excluding 18.3.0.
An attacker can exploit CVE-2018-0432 by exploiting a failure to properly validate certain parameters in the error reporting application of the Cisco SD-WAN Solution.
To fix CVE-2018-0432, it is recommended to upgrade to a version of the Cisco SD-WAN Solution that includes a fix for this vulnerability.