exploitDog

GHSA-jhq5-xcpf-vrwm

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

Ссылки

EPSS

Процентиль: 37%

0.00161

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-295

Связанные уязвимости

CVE-2018-15387

CVSS3: 9.8

nvd

больше 7 лет назад

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

BDU:2019-00049

CVSS3: 8.1

fstec

больше 7 лет назад

Уязвимость программно-определяемой сети Cisco SD-WAN, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти проверку сертификата

EPSS

Процентиль: 37%

0.00161

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-295