Sign-up

ID

VAR-201807-0998


CVE

CVE-2018-0343


TITLE

Cisco SD-WAN Solution Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008576

DESCRIPTION

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976. Vendors have confirmed this vulnerability Bug ID CSCvi69976 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. Failed exploit attempts may result in a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2018-0343 // JVNDB: JVNDB-2018-008576 // CNVD: CNVD-2018-14075 // BID: 104861 // VULHUB: VHN-118545

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14075

AFFECTED PRODUCTS

vendor:ciscomodel:vedge-proscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vsmart controllerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vbond orchestratorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vmanage network managementscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vedge-plusscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vedge-1000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-2000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-5000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-100scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vbond orchestratorscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 1000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100bscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100mscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100wmscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 2000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 5000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge-plusscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge-proscope: - version: -

Trust: 0.8

vendor:ciscomodel:vmanage network managementscope: - version: -

Trust: 0.8

vendor:ciscomodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:vbond orchestrator softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:vmanage network management softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:vsmart controller softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:vedge cloud router platformscope: - version: -

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:5000

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:1000

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:100

Trust: 0.6

sources: CNVD: CNVD-2018-14075 // JVNDB: JVNDB-2018-008576 // CNNVD: CNNVD-201807-1309 // NVD: CVE-2018-0343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0343
value: HIGH

Trust: 1.0

NVD: CVE-2018-0343
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14075
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1309
value: HIGH

Trust: 0.6

VULHUB: VHN-118545
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0343
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14075
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118545
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0343
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-14075 // VULHUB: VHN-118545 // JVNDB: JVNDB-2018-008576 // CNNVD: CNNVD-201807-1309 // NVD: CVE-2018-0343

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:CWE-269

Trust: 1.1

sources: VULHUB: VHN-118545 // JVNDB: JVNDB-2018-008576 // NVD: CVE-2018-0343

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1309

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1309

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008576

PATCH
title:cisco-sa-20180718-sd-wan-code-exurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex
Trust: 0.8
title:Patch for CiscoSD-WANSolution Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/135527
Trust: 0.6
title:Cisco SD-WAN Solution Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82210
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14075 // 
            
            
            
            JVNDB: JVNDB-2018-008576 // 
            
            
            
            CNNVD: CNNVD-201807-1309

EXTERNAL IDS
db:NVDid:CVE-2018-0343
Trust: 3.1
db:BIDid:104861
Trust: 2.6
db:JVNDBid:JVNDB-2018-008576
Trust: 0.8
db:CNVDid:CNVD-2018-14075
Trust: 0.6
db:CNNVDid:CNNVD-201807-1309
Trust: 0.6
db:VULHUBid:VHN-118545
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14075 // 
            
            
            
            VULHUB: VHN-118545 // 
            
            
            
            BID: 104861 // 
            
            
            
            JVNDB: JVNDB-2018-008576 // 
            
            
            
            CNNVD: CNNVD-201807-1309 // 
            
            
            
            NVD: CVE-2018-0343

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-sd-wan-code-ex
Trust: 2.0
url:http://www.securityfocus.com/bid/104861
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-0343
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0343
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-14075 // 
            
            
            
            VULHUB: VHN-118545 // 
            
            
            
            BID: 104861 // 
            
            
            
            JVNDB: JVNDB-2018-008576 // 
            
            
            
            CNNVD: CNNVD-201807-1309 // 
            
            
            
            NVD: CVE-2018-0343

SOURCES
db:CNVDid:CNVD-2018-14075
db:VULHUBid:VHN-118545
db:BIDid:104861
db:JVNDBid:JVNDB-2018-008576
db:CNNVDid:CNNVD-201807-1309
db:NVDid:CVE-2018-0343

LAST UPDATE DATE
2024-11-23T23:05:04.008000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14075date:2018-07-27T00:00:00
db:VULHUBid:VHN-118545date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-008576date:2018-10-23T00:00:00
db:CNNVDid:CNNVD-201807-1309date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0343date:2024-11-21T03:38:01.300

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-14075date:2018-07-27T00:00:00
db:VULHUBid:VHN-118545date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008576date:2018-10-23T00:00:00
db:CNNVDid:CNNVD-201807-1309date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0343date:2018-07-18T23:29:00.290