PT-2018-8774 · Cisco · vBond Orchestrator+3

Published: 2018-07-18 · Updated: 2019-10-09 · CVE-2018-0346

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco SD-WAN Solution versions prior to 18.3.0
vBond Orchestrator Software versions prior to 18.3.0
vManage Network Management Software versions prior to 18.3.0
vSmart Controller Software versions prior to 18.3.0

Description

A vulnerability in the Zero Touch Provisioning service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to incorrect bounds checks for certain values in packets sent to the Zero Touch Provisioning service. An attacker could exploit this by sending malicious packets, potentially causing a buffer overflow condition and leading to a device reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can only be exploited by traffic destined for an affected device.

Recommendations

For Cisco SD-WAN Solution versions prior to 18.3.0, update to Release 18.3.0 or later.
For vBond Orchestrator Software versions prior to 18.3.0, update to Release 18.3.0 or later.
For vManage Network Management Software versions prior to 18.3.0, update to Release 18.3.0 or later.
For vSmart Controller Software versions prior to 18.3.0, update to Release 18.3.0 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-0346

Affected Products

Cisco SD-WAN Solution
vBond Orchestrator
vManage Network Management
vSmart Controller