CVE-2018-0345

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution versions prior to 18.3.0 vBond Orchestrator Software versions prior to 18.3.0 vManage Network Management Software versions prior to 18.3.0 vSmart Controller Software versions prior to 18.3.0

Description A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system. The issue is due to insufficient validation of command arguments passed to the configuration and management database. An attacker could exploit this by creating custom functions containing malicious code, which are executed as the vmanage user. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user.

Recommendations For Cisco SD-WAN Solution versions prior to 18.3.0, update to Release 18.3.0 or later. For vBond Orchestrator Software versions prior to 18.3.0, update to Release 18.3.0 or later. For vManage Network Management Software versions prior to 18.3.0, update to Release 18.3.0 or later. For vSmart Controller Software versions prior to 18.3.0, update to Release 18.3.0 or later.