CVE-2018-0432

Опубликовано: 05 окт. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.

Ссылки

http://www.securityfocus.com/bid/105296
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation
Vendor Advisory
http://www.securityfocus.com/bid/105296
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*

Версия до 18.3.0 (исключая)

cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*

Версия до 18.3.0 (исключая)

cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*

Версия до 18.3.0 (исключая)

cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*

Версия до 18.3.0 (исключая)

cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01293

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-264

CWE-78

Связанные уязвимости

GHSA-7jp6-h3hx-67f6

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 79%

0.01293

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-264

CWE-78