CVE-2018-0432
05.10.2018, 14:29
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
| Vendor | Product | Version |
|---|---|---|
| cisco | vedge_100_firmware | 𝑥 < 18.3.0 |
| cisco | vedge_1000_firmware | 𝑥 < 18.3.0 |
| cisco | vedge_2000_firmware | 𝑥 < 18.3.0 |
| cisco | vedge_5000_firmware | 𝑥 < 18.3.0 |
| cisco | vmanage_network_management_system | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-264 -
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.