CVE-2018-0342

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution versions prior to 18.3.0 vBond Orchestrator Software versions prior to 18.3.0 vEdge 100 Series Routers versions prior to 18.3.0 vEdge 1000 Series Routers versions prior to 18.3.0 vEdge 2000 Series Routers versions prior to 18.3.0 vEdge 5000 Series Routers versions prior to 18.3.0 vEdge Cloud Router Platform versions prior to 18.3.0 vManage Network Management Software versions prior to 18.3.0 vSmart Controller Software versions prior to 18.3.0

Description A vulnerability in the configuration and monitoring service could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The issue is due to incomplete bounds checks for data provided by the configuration and monitoring service. An attacker could exploit this by sending malicious data to the vDaemon listening service, potentially causing a buffer overflow condition that allows the execution of arbitrary code with root privileges or results in a DoS condition.

Recommendations For all versions prior to 18.3.0, update to Release 18.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vDaemon listening service to minimize the risk of exploitation.