CVE-2018-0342

EPSS 0.24%
Veröffentlicht 18.07.2018 23:29:00
Zuletzt bearbeitet 21.11.2024 03:38:01
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Vbond Orchestrator Version-

Cisco ≫ Vedge-plus Version-

Cisco ≫ Vedge-pro Version-

Cisco ≫ Vmanage Network Management Version-

Cisco ≫ Vsmart Controller Version-

Cisco ≫ Vedge-100 Firmware Version < 18.3.0

Cisco ≫ Vedge-100 Version-

Cisco ≫ Vedge 100b Firmware Version < 18.3.0

Cisco ≫ Vedge 100b Version-

Cisco ≫ Vedge 100m Firmware Version < 18.3.0

Cisco ≫ Vedge 100m Version-

Cisco ≫ Vedge 100wm Firmware Version < 18.3.0

Cisco ≫ Vedge 100wm Version-

Cisco ≫ Vedge-1000 Firmware Version < 18.3.0

Cisco ≫ Vedge-1000 Version-

Cisco ≫ Vedge-2000 Firmware Version < 18.3.0

Cisco ≫ Vedge-2000 Version-

Cisco ≫ Vedge-5000 Firmware Version < 18.3.0

Cisco ≫ Vedge-5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.468

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/104877

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0342

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0342

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0342

EUVD