CVE-2018-0348

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.

Una vulnerabilidad en la interfaz de línea de comandos de Cisco SD-WAN podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios root. Esta vulnerabilidad se debe a una validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo y enviando entradas maliciosas al al comando load en el subsistema VPN. El atacante debe estar autenticado para acceder al parámetro de la interfaz de línea de comandos afectado. Su explotación con éxito podría permitir que el atacante ejecute comandos con privilegios root. Esta vulnerabilidad afecta a los siguientes productos Cisco si están ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software y vSmart Controller Software. Cisco Bug IDs: CSCvi69866.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-07-18 CVE Published
2024-08-05 CVE Updated
2024-09-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/104875	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct	2020-08-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Vedge-100 Firmware Search vendor "Cisco" for product "Vedge-100 Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge-100 Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge-100 Search vendor "Cisco" for product "Vedge-100"	-	-	Safe
Cisco Search vendor "Cisco"	Vedge 100b Firmware Search vendor "Cisco" for product "Vedge 100b Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge 100b Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge 100b Search vendor "Cisco" for product "Vedge 100b"	-	-	Safe
Cisco Search vendor "Cisco"	Vedge 100m Firmware Search vendor "Cisco" for product "Vedge 100m Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge 100m Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge 100m Search vendor "Cisco" for product "Vedge 100m"	-	-	Safe
Cisco Search vendor "Cisco"	Vedge 100wm Firmware Search vendor "Cisco" for product "Vedge 100wm Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge 100wm Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge 100wm Search vendor "Cisco" for product "Vedge 100wm"	-	-	Safe
Cisco Search vendor "Cisco"	Vedge-1000 Firmware Search vendor "Cisco" for product "Vedge-1000 Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge-1000 Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge-1000 Search vendor "Cisco" for product "Vedge-1000"	-	-	Safe
Cisco Search vendor "Cisco"	Vedge-2000 Firmware Search vendor "Cisco" for product "Vedge-2000 Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge-2000 Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge-2000 Search vendor "Cisco" for product "Vedge-2000"	-	-	Safe
Cisco Search vendor "Cisco"	Vedge-5000 Firmware Search vendor "Cisco" for product "Vedge-5000 Firmware"	< 18.3.0 Search vendor "Cisco" for product "Vedge-5000 Firmware" and version " < 18.3.0"	-	Affected	in	Cisco Search vendor "Cisco"	Vedge-5000 Search vendor "Cisco" for product "Vedge-5000"	-	-	Safe
Cisco Search vendor "Cisco"		Vbond Orchestrator Search vendor "Cisco" for product "Vbond Orchestrator"				-		-		Affected
Cisco Search vendor "Cisco"		Vedge-plus Search vendor "Cisco" for product "Vedge-plus"				-		-		Affected
Cisco Search vendor "Cisco"		Vedge-pro Search vendor "Cisco" for product "Vedge-pro"				-		-		Affected
Cisco Search vendor "Cisco"		Vmanage Network Management Search vendor "Cisco" for product "Vmanage Network Management"				-		-		Affected
Cisco Search vendor "Cisco"		Vsmart Controller Search vendor "Cisco" for product "Vsmart Controller"				-		-		Affected