CVE-2018-0350

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution versions prior to 18.3.0 vBond Orchestrator Software versions prior to 18.3.0 vEdge 100 Series Routers versions prior to 18.3.0 vEdge 1000 Series Routers versions prior to 18.3.0 vEdge 2000 Series Routers versions prior to 18.3.0 vEdge 5000 Series Routers versions prior to 18.3.0 vEdge Cloud Router Platform versions prior to 18.3.0 vManage Network Management Software versions prior to 18.3.0 vSmart Controller Software versions prior to 18.3.0

Description A vulnerability in the VPN subsystem configuration could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges due to insufficient input validation. The attacker must be authenticated to access the affected parameter and could exploit this vulnerability by submitting crafted input to the affected parameter in a web page. A successful exploit could allow the attacker to execute commands with root privileges.

Recommendations For Cisco SD-WAN Solution version prior to 18.3.0, update to Release 18.3.0 or later. For vBond Orchestrator Software version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 100 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 1000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 2000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge 5000 Series Routers version prior to 18.3.0, update to Release 18.3.0 or later. For vEdge Cloud Router Platform version prior to 18.3.0, update to Release 18.3.0 or later. For vManage Network Management Software version prior to 18.3.0, update to Release 18.3.0 or later. For vSmart Controller Software version prior to 18.3.0, update to Release 18.3.0 or later.