CVE-2018-0349

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution versions prior to 18.3.0 vBond Orchestrator Software versions prior to 18.3.0 vEdge 100 Series Routers versions prior to 18.3.0 vEdge 1000 Series Routers versions prior to 18.3.0 vEdge 2000 Series Routers versions prior to 18.3.0 vEdge 5000 Series Routers versions prior to 18.3.0 vEdge Cloud Router Platform versions prior to 18.3.0 vManage Network Management Software versions prior to 18.3.0 vSmart Controller Software versions prior to 18.3.0

Description A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The issue is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this by modifying the request admin-tech command, potentially allowing them to overwrite arbitrary files and escalate their privileges to the root user.

Recommendations For Cisco SD-WAN Solution version prior to 18.3.0, update to Release 18.3.0 or later. For vBond Orchestrator Software version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 100 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 1000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 2000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 5000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge Cloud Router Platform version prior to 18.3.0, update to Release 18.3.0 or later. For vManage Network Management Software version prior to 18.3.0, update to Release 18.3.0 or later. For vSmart Controller Software version prior to 18.3.0, update to Release 18.3.0 or later.