CVE-2018-0344

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution versions prior to 18.3.0 vBond Orchestrator Software versions prior to 18.3.0 vEdge 100 Series Routers versions prior to 18.3.0 vEdge 1000 Series Routers versions prior to 18.3.0 vEdge 2000 Series Routers versions prior to 18.3.0 vEdge 5000 Series Routers versions prior to 18.3.0 vEdge Cloud Router Platform versions prior to 18.3.0 vManage Network Management Software versions prior to 18.3.0 vSmart Controller Software versions prior to 18.3.0

Description A vulnerability in the vManage dashboard could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The issue is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this by configuring a malicious username on the login page. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

Recommendations For Cisco SD-WAN Solution version prior to 18.3.0, update to Release 18.3.0 or later. For vBond Orchestrator Software version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 100 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 1000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 2000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 5000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge Cloud Router Platform version prior to 18.3.0, update to Release 18.3.0 or later. For vManage Network Management Software version prior to 18.3.0, update to Release 18.3.0 or later. For vSmart Controller Software version prior to 18.3.0, update to Release 18.3.0 or later.