PT-2018-8771 · Cisco · vBond Orchestrator +8

Published: 2018-07-18 · Updated: 2019-10-09 · CVE-2018-0343

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco SD-WAN Solution versions prior to 18.3.0
vBond Orchestrator Software versions prior to 18.3.0
vEdge 100 Series Routers versions prior to 18.3.0
vEdge 1000 Series Routers versions prior to 18.3.0
vEdge 2000 Series Routers versions prior to 18.3.0
vEdge 5000 Series Routers versions prior to 18.3.0
vEdge Cloud Router Platform versions prior to 18.3.0
vManage Network Management Software versions prior to 18.3.0
vSmart Controller Software versions prior to 18.3.0

Description

A vulnerability in the configuration and management service could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The issue is due to insufficient access restrictions to the HTTP management interface. An attacker could exploit this by sending a malicious HTTP request to the affected management service through an authenticated device, potentially allowing the execution of arbitrary code or stopping HTTP services.

Recommendations

For Cisco SD-WAN Solution versions prior to 18.3.0, update to Release 18.3.0 or later.
For vBond Orchestrator Software versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 100 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 1000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 2000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 5000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge Cloud Router Platform versions prior to 18.3.0, update to Release 18.3.0 or later.
For vManage Network Management Software versions prior to 18.3.0, update to Release 18.3.0 or later.
For vSmart Controller Software versions prior to 18.3.0, update to Release 18.3.0 or later.

Fix

Improper Access Control

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2018-0343

Affected Products

Cisco SD-WAN Solution
vBond Orchestrator
vEdge 100 Series Routers
vEdge 1000 Series Routers
vEdge 2000 Series Routers
vEdge 5000 Series Routers
vEdge Cloud Router Platform
vManage Network Management
vSmart Controller