CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0345
https://notcve.org/view.php?id=CVE-2018-0345
18 Jul 2018 — A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that co... • http://www.securityfocus.com/bid/104859 • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0342
https://notcve.org/view.php?id=CVE-2018-0342
18 Jul 2018 — A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affe... • http://www.securityfocus.com/bid/104877 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0346
https://notcve.org/view.php?id=CVE-2018-0346
18 Jul 2018 — A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the pack... • http://www.securityfocus.com/bid/104855 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0350
https://notcve.org/view.php?id=CVE-2018-0350
18 Jul 2018 — A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attac... • http://www.securityfocus.com/bid/104874 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •