CVE-2018-0347

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution versions prior to 18.3.0 vEdge 100 Series Routers versions prior to 18.3.0 vEdge 1000 Series Routers versions prior to 18.3.0 vEdge 2000 Series Routers versions prior to 18.3.0 vEdge 5000 Series Routers versions prior to 18.3.0

Description A vulnerability in the Zero Touch Provisioning (ZTP) subsystem could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The issue is due to insufficient input validation. An attacker could exploit this by authenticating to the device and submitting malicious input to the affected parameter, allowing them to execute commands with root privileges.

Recommendations For Cisco SD-WAN Solution versions prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 100 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 1000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 2000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 5000 Series Routers versions prior to 18.3.0, update to Release 18.3.0 or later.