PT-2018-8775 · Cisco · Vedge 100 Series Routers+4
Publicado
2018-07-18
·
Atualizado
2019-10-09
·
CVE-2018-0347
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco SD-WAN Solution versions prior to 18.3.0
vEdge 100 Series Routers versions prior to 18.3.0
vEdge 1000 Series Routers versions prior to 18.3.0
vEdge 2000 Series Routers versions prior to 18.3.0
vEdge 5000 Series Routers versions prior to 18.3.0
Description
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The issue is due to insufficient input validation. An attacker could exploit this by authenticating to the device and submitting malicious input to the affected parameter, allowing them to execute commands with root privileges.
Recommendations
For Cisco SD-WAN Solution versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 100 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 1000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 2000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
For vEdge 5000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.
Correção
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Sd-Wan Solution
Vedge 100 Series Routers
Vedge 1000 Series Routers
Vedge 2000 Series Routers
Vedge 5000 Series Routers