Sign-up

ID

VAR-201807-1000


CVE

CVE-2018-0345


TITLE

Cisco SD-WAN Solution Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-008407 // CNNVD: CNNVD-201807-1307

DESCRIPTION

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937. Cisco SD-WAN Solution Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69937 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to a remote code-execution vulnerability. Smart Controller Software is a set of intelligent network control software. SD-WAN Solution is a set of network expansion solutions running in it

Trust: 1.98

sources: NVD: CVE-2018-0345 // JVNDB: JVNDB-2018-008407 // BID: 104859 // VULHUB: VHN-118547

AFFECTED PRODUCTS

vendor:ciscomodel:vedge-proscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vsmart controllerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vbond orchestratorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vmanage network managementscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vedge-plusscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vedge-1000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-2000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-5000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-100scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vbond orchestratorscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 1000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100bscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100mscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100wmscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 2000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 5000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge-plusscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge-proscope: - version: -

Trust: 0.8

vendor:ciscomodel:vmanage network managementscope: - version: -

Trust: 0.8

vendor:ciscomodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:vsmart controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:vmanage network managementscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:vbond orchestratorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:neversion:18.3

Trust: 0.3

sources: BID: 104859 // JVNDB: JVNDB-2018-008407 // CNNVD: CNNVD-201807-1307 // NVD: CVE-2018-0345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0345
value: HIGH

Trust: 1.0

NVD: CVE-2018-0345
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1307
value: HIGH

Trust: 0.6

VULHUB: VHN-118547
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0345
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118547
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0345
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0345
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118547 // JVNDB: JVNDB-2018-008407 // CNNVD: CNNVD-201807-1307 // NVD: CVE-2018-0345

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-88

Trust: 1.1

sources: VULHUB: VHN-118547 // JVNDB: JVNDB-2018-008407 // NVD: CVE-2018-0345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1307

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104859 // CNNVD: CNNVD-201807-1307

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008407

PATCH
title:cisco-sa-20180718-sdwan-cxurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx
Trust: 0.8
title:Cisco SD-WAN Solution Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82208
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008407 // 
            
            
            
            CNNVD: CNNVD-201807-1307

EXTERNAL IDS
db:NVDid:CVE-2018-0345
Trust: 2.8
db:BIDid:104859
Trust: 2.0
db:JVNDBid:JVNDB-2018-008407
Trust: 0.8
db:CNNVDid:CNNVD-201807-1307
Trust: 0.7
db:VULHUBid:VHN-118547
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118547 // 
            
            
            
            BID: 104859 // 
            
            
            
            JVNDB: JVNDB-2018-008407 // 
            
            
            
            CNNVD: CNNVD-201807-1307 // 
            
            
            
            NVD: CVE-2018-0345

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-sdwan-cx
Trust: 2.0
url:http://www.securityfocus.com/bid/104859
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0345
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0345
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118547 // 
            
            
            
            BID: 104859 // 
            
            
            
            JVNDB: JVNDB-2018-008407 // 
            
            
            
            CNNVD: CNNVD-201807-1307 // 
            
            
            
            NVD: CVE-2018-0345

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104859

SOURCES
db:VULHUBid:VHN-118547
db:BIDid:104859
db:JVNDBid:JVNDB-2018-008407
db:CNNVDid:CNNVD-201807-1307
db:NVDid:CVE-2018-0345

LAST UPDATE DATE
2024-11-23T22:45:16.653000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118547date:2020-08-28T00:00:00
db:BIDid:104859date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008407date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1307date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0345date:2024-11-21T03:38:01.573

SOURCES RELEASE DATE
db:VULHUBid:VHN-118547date:2018-07-18T00:00:00
db:BIDid:104859date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008407date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1307date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0345date:2018-07-18T23:29:00.383