CVE-2018-15387

Опубликовано: 05 окт. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

Ссылки

http://www.securityfocus.com/bid/105509
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass
Vendor Advisory
http://www.securityfocus.com/bid/105509
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*

Версия от 17.2.0 (включая) до 17.2.8 (исключая)

cpe:2.3:a:cisco:sd-wan:18.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00161

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

CWE-295

Связанные уязвимости

GHSA-jhq5-xcpf-vrwm

CVSS3: 9.8

github

больше 3 лет назад

BDU:2019-00049

CVSS3: 8.1

fstec

больше 7 лет назад

Уязвимость программно-определяемой сети Cisco SD-WAN, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти проверку сертификата