Details of VAR-201807-1001

ID

VAR-201807-1001

CVE

CVE-2018-0346

TITLE

Cisco SD-WAN Solution Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-008408 // CNNVD: CNNVD-201807-1306

DESCRIPTION

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914. Cisco SD-WAN Solution Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69914 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Smart Controller Software is a set of intelligent network control software. SD-WAN Solution is a set of network expansion solutions running in it

Trust: 1.98

sources: NVD: CVE-2018-0346 // JVNDB: JVNDB-2018-008408 // BID: 104855 // VULHUB: VHN-118548

AFFECTED PRODUCTS

vendor:	cisco	model:	vedge-pro	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vsmart controller	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vbond orchestrator	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vmanage network management	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vedge-plus	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	vedge-1000	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge-2000	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge-5000	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge-100	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 1000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100b	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100m	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 100wm	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 2000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge 5000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge-plus	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vedge-pro	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vmanage network management	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vsmart controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vmanage network management	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vbond orchestrator	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	ne	version:	18.3	Trust: 0.3

sources: BID: 104855 // JVNDB: JVNDB-2018-008408 // CNNVD: CNNVD-201807-1306 // NVD: CVE-2018-0346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0346
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0346
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-1306
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118548
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0346
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118548
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0346
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118548 // JVNDB: JVNDB-2018-008408 // CNNVD: CNNVD-201807-1306 // NVD: CVE-2018-0346

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-118548 // JVNDB: JVNDB-2018-008408 // NVD: CVE-2018-0346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1306

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1306

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008408

PATCH

title:	cisco-sa-20180718-sdwan-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos	Trust: 0.8
title:	Cisco SD-WAN Solution Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82207	Trust: 0.6

sources: JVNDB: JVNDB-2018-008408 // CNNVD: CNNVD-201807-1306

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0346	Trust: 2.8
db:	BID	id:	104855	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008408	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1306	Trust: 0.7
db:	VULHUB	id:	VHN-118548	Trust: 0.1

sources: VULHUB: VHN-118548 // BID: 104855 // JVNDB: JVNDB-2018-008408 // CNNVD: CNNVD-201807-1306 // NVD: CVE-2018-0346

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-sdwan-dos	Trust: 2.0
url:	http://www.securityfocus.com/bid/104855	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0346	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0346	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118548 // BID: 104855 // JVNDB: JVNDB-2018-008408 // CNNVD: CNNVD-201807-1306 // NVD: CVE-2018-0346

CREDITS

Cisco

Trust: 0.3

sources: BID: 104855

SOURCES

db:	VULHUB	id:	VHN-118548
db:	BID	id:	104855
db:	JVNDB	id:	JVNDB-2018-008408
db:	CNNVD	id:	CNNVD-201807-1306
db:	NVD	id:	CVE-2018-0346

LAST UPDATE DATE

2024-11-23T22:30:20.071000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118548	date:	2019-10-09T00:00:00
db:	BID	id:	104855	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008408	date:	2018-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201807-1306	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0346	date:	2024-11-21T03:38:01.710

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118548	date:	2018-07-18T00:00:00
db:	BID	id:	104855	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008408	date:	2018-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201807-1306	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-0346	date:	2018-07-18T23:29:00.447