CVE-2018-0434

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution (affected versions not specified)

Description The issue is related to insufficient certificate validation in the Zero Touch Provisioning feature, allowing an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. An attacker could exploit this by supplying a crafted certificate to an affected device, potentially conducting man-in-the-middle attacks to decrypt confidential information on user connections.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.