CVE-2018-0343
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.
Una vulnerabilidad en el servicio de configuración y gestión de Cisco SD-WAN Solution podría permitir que un atacante remoto autenticado ejecute código arbitrario con privilegios de usuario vmanage o provoque una condición de denegación de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a las restricciones de acceso insuficientes en la interfaz de gestión HTTP de la solución afectada. Un atacante podría explotar esta vulnerabilidad enviando una petición HTTP maliciosa al servicio de gestión afectado mediante un dispositivo autenticado. Su explotación con éxito podría permitir que el atacante ejecute código arbitrario con privilegios de usuario vmanage o detenga los servicios HTTP en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69976.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-07-18 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
- CWE-284: Improper Access Control
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104861 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Vedge-100 Firmware Search vendor "Cisco" for product "Vedge-100 Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge-100 Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge-100 Search vendor "Cisco" for product "Vedge-100" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vedge 100b Firmware Search vendor "Cisco" for product "Vedge 100b Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge 100b Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100b Search vendor "Cisco" for product "Vedge 100b" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vedge 100m Firmware Search vendor "Cisco" for product "Vedge 100m Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge 100m Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100m Search vendor "Cisco" for product "Vedge 100m" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vedge 100wm Firmware Search vendor "Cisco" for product "Vedge 100wm Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge 100wm Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100wm Search vendor "Cisco" for product "Vedge 100wm" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vedge-1000 Firmware Search vendor "Cisco" for product "Vedge-1000 Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge-1000 Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge-1000 Search vendor "Cisco" for product "Vedge-1000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vedge-2000 Firmware Search vendor "Cisco" for product "Vedge-2000 Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge-2000 Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge-2000 Search vendor "Cisco" for product "Vedge-2000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vedge-5000 Firmware Search vendor "Cisco" for product "Vedge-5000 Firmware" | < 18.3.0 Search vendor "Cisco" for product "Vedge-5000 Firmware" and version " < 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge-5000 Search vendor "Cisco" for product "Vedge-5000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Vbond Orchestrator Search vendor "Cisco" for product "Vbond Orchestrator" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vedge-plus Search vendor "Cisco" for product "Vedge-plus" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vedge-pro Search vendor "Cisco" for product "Vedge-pro" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vmanage Network Management Search vendor "Cisco" for product "Vmanage Network Management" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vsmart Controller Search vendor "Cisco" for product "Vsmart Controller" | - | - |
Affected
|