First published: Fri Oct 05 2018
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco vEdge 100 Firmware | <18.3.0 | |
Cisco vEdge 100 | | |
Cisco vEdge 1000 Firmware | <18.3.0 | |
Cisco vEdge 1000 | | |
Cisco vEdge 2000 Firmware | <18.3.0 | |
Cisco vEdge 2000 | | |
Cisco vEdge 5000 Firmware | <18.3.0 | |
Cisco vEdge 5000 | | |
Cisco vBond Orchestrator | | |
Cisco vEdge Cloud Router Platform | | |
Cisco vManage Network Management System | | |
Cisco vSmart Controller | | |
CVE-2018-0433 is a vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution that could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The severity of CVE-2018-0433 is rated as high.
CVE-2018-0433 affects Cisco SD-WAN Solution, specifically vEdge and vManage platforms.
An attacker can exploit CVE-2018-0433 by authenticating to the device and submitting crafted input to the command-line interface (CLI) utility, which injects arbitrary commands that are executed with root privileges.
To fix CVE-2018-0433, update the affected Cisco SD-WAN Solution to version 18.3.0 or later. Refer to the Cisco Security Advisory for more information.