CVE-2018-0432
Cisco SD-WAN Solution Privilege Escalation Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
Timeline
- 2017-11-27 CVE Reserved
- 2018-10-05 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-264: Permissions, Privileges, and Access Controls
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105296 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Vedge 100 Firmware | < 18.3.0 | - | Affected | in | Cisco | Vedge 100 | - | - | Safe |
Cisco | Vedge 1000 Firmware | < 18.3.0 | - | Affected | in | Cisco | Vedge 1000 | - | - | Safe |
Cisco | Vedge 2000 Firmware | < 18.3.0 | - | Affected | in | Cisco | Vedge 2000 | - | - | Safe |
Cisco | Vedge 5000 Firmware | < 18.3.0 | - | Affected | in | Cisco | Vedge 5000 | - | - | Safe |
Cisco | Vmanage Network Management System | - | - | Affected | | | | | | |