Details of VAR-201807-0997

ID

VAR-201807-0997

CVE

CVE-2018-0342

TITLE

Cisco SD-WAN Solution Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-008575 // CNNVD: CNNVD-201807-1310

DESCRIPTION

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003. Cisco SD-WAN Solution Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi70003 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. Cisco SD-WAN Solution is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer

Trust: 2.52

sources: NVD: CVE-2018-0342 // JVNDB: JVNDB-2018-008575 // CNVD: CNVD-2018-14082 // BID: 104877 // VULHUB: VHN-118544

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-14082

AFFECTED PRODUCTS

vendor:	cisco	model:	vedge-pro	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vsmart controller	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vbond orchestrator	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vmanage network management	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vedge-plus	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vedge-1000	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge-2000	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge-5000	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge-100	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge series routers	scope:	eq	version:	1000	Trust: 0.9
vendor:	cisco	model:	vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 1000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100b	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100m	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100wm	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 2000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 5000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge-plus	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge-pro	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vmanage network management	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vbond orchestrator software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	vmanage network management software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	vsmart controller software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	vedge cloud router platform	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	vedge series routers	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	vedge series routers	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	vedge series routers	scope:	eq	version:	100	Trust: 0.6
vendor:	cisco	model:	vsmart controller software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vmanage network management	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vedge cloud router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vedge	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	vedge	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	vedge	scope:	eq	version:	10000	Trust: 0.3
vendor:	cisco	model:	vbond orchestrator	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	ne	version:	18.3	Trust: 0.3

sources: CNVD: CNVD-2018-14082 // BID: 104877 // JVNDB: JVNDB-2018-008575 // CNNVD: CNNVD-201807-1310 // NVD: CVE-2018-0342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0342
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0342
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-14082
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201807-1310
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118544
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0342
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-14082
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118544
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0342
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-14082 // VULHUB: VHN-118544 // JVNDB: JVNDB-2018-008575 // CNNVD: CNNVD-201807-1310 // NVD: CVE-2018-0342

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-118544 // JVNDB: JVNDB-2018-008575 // NVD: CVE-2018-0342

THREAT TYPE

local

Trust: 0.9

sources: BID: 104877 // CNNVD: CNNVD-201807-1310

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1310

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008575

PATCH

title:	cisco-sa-20180718-sd-wan-bo	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo	Trust: 0.8
title:	Patch for CiscoSD-WANSolution Local Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/135535	Trust: 0.6
title:	Cisco SD-WAN Solution Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82211	Trust: 0.6

sources: CNVD: CNVD-2018-14082 // JVNDB: JVNDB-2018-008575 // CNNVD: CNNVD-201807-1310

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0342	Trust: 3.4
db:	BID	id:	104877	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-008575	Trust: 0.8
db:	CNVD	id:	CNVD-2018-14082	Trust: 0.6
db:	CNNVD	id:	CNNVD-201807-1310	Trust: 0.6
db:	VULHUB	id:	VHN-118544	Trust: 0.1

sources: CNVD: CNVD-2018-14082 // VULHUB: VHN-118544 // BID: 104877 // JVNDB: JVNDB-2018-008575 // CNNVD: CNNVD-201807-1310 // NVD: CVE-2018-0342

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-sd-wan-bo	Trust: 2.0
url:	http://www.securityfocus.com/bid/104877	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0342	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0342	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-14082 // VULHUB: VHN-118544 // BID: 104877 // JVNDB: JVNDB-2018-008575 // CNNVD: CNNVD-201807-1310 // NVD: CVE-2018-0342

CREDITS

Cisco

Trust: 0.3

sources: BID: 104877

SOURCES

db:	CNVD	id:	CNVD-2018-14082
db:	VULHUB	id:	VHN-118544
db:	BID	id:	104877
db:	JVNDB	id:	JVNDB-2018-008575
db:	CNNVD	id:	CNNVD-201807-1310
db:	NVD	id:	CVE-2018-0342

LAST UPDATE DATE

2024-11-23T22:41:47.467000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-14082	date:	2018-07-27T00:00:00
db:	VULHUB	id:	VHN-118544	date:	2019-10-09T00:00:00
db:	BID	id:	104877	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008575	date:	2018-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201807-1310	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0342	date:	2024-11-21T03:38:01.167

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-14082	date:	2018-07-27T00:00:00
db:	VULHUB	id:	VHN-118544	date:	2018-07-18T00:00:00
db:	BID	id:	104877	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008575	date:	2018-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201807-1310	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-0342	date:	2018-07-18T23:29:00.243