Sign-up

ID

VAR-201807-1003


CVE

CVE-2018-0348


TITLE

Cisco SD-WAN Solution Command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-008410 // CNNVD: CNNVD-201807-1304

DESCRIPTION

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866. Cisco SD-WAN Solution Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69866 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. A CLI injection vulnerability exists in the CLI in versions prior to Cisco SD-WANSolution 18.3.0, which was caused by the program failing to perform sufficient input validation

Trust: 2.52

sources: NVD: CVE-2018-0348 // JVNDB: JVNDB-2018-008410 // CNVD: CNVD-2018-14074 // BID: 104875 // VULHUB: VHN-118550

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14074

AFFECTED PRODUCTS

vendor:ciscomodel:vedge-proscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vsmart controllerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vbond orchestratorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vmanage network managementscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vedge-plusscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vedge-1000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-2000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-5000scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge-100scope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:ltversion:18.3.0

Trust: 1.0

vendor:ciscomodel:vedge series routersscope:eqversion:1000

Trust: 0.9

vendor:ciscomodel:vbond orchestratorscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 1000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100bscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100mscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 100wmscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 2000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge 5000scope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge-plusscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge-proscope: - version: -

Trust: 0.8

vendor:ciscomodel:vmanage network managementscope: - version: -

Trust: 0.8

vendor:ciscomodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:vbond orchestrator softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:vmanage network management softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:vsmart controller softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:vedge cloud router platformscope: - version: -

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:5000

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:vedge series routersscope:eqversion:100

Trust: 0.6

vendor:ciscomodel:vsmart controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:vmanage network managementscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:vedge cloud routerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:vedgescope:eqversion:50000

Trust: 0.3

vendor:ciscomodel:vedgescope:eqversion:20000

Trust: 0.3

vendor:ciscomodel:vedgescope:eqversion:10000

Trust: 0.3

vendor:ciscomodel:vbond orchestratorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:neversion:18.3

Trust: 0.3

sources: CNVD: CNVD-2018-14074 // BID: 104875 // JVNDB: JVNDB-2018-008410 // CNNVD: CNNVD-201807-1304 // NVD: CVE-2018-0348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0348
value: HIGH

Trust: 1.0

NVD: CVE-2018-0348
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14074
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1304
value: HIGH

Trust: 0.6

VULHUB: VHN-118550
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0348
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14074
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118550
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0348
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0348
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-14074 // VULHUB: VHN-118550 // JVNDB: JVNDB-2018-008410 // CNNVD: CNNVD-201807-1304 // NVD: CVE-2018-0348

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-118550 // JVNDB: JVNDB-2018-008410 // NVD: CVE-2018-0348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1304

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-1304

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008410

PATCH
title:cisco-sa-20180718-sdwan-cmdnjcturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct
Trust: 0.8
title:Patch for CiscoSD-WANSolution Remote Command Injection Vulnerability (CNVD-2018-14074)url:https://www.cnvd.org.cn/patchInfo/show/135517
Trust: 0.6
title:Cisco SD-WAN Solution Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82205
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14074 // 
            
            
            
            JVNDB: JVNDB-2018-008410 // 
            
            
            
            CNNVD: CNNVD-201807-1304

EXTERNAL IDS
db:NVDid:CVE-2018-0348
Trust: 3.4
db:BIDid:104875
Trust: 2.6
db:JVNDBid:JVNDB-2018-008410
Trust: 0.8
db:CNNVDid:CNNVD-201807-1304
Trust: 0.7
db:CNVDid:CNVD-2018-14074
Trust: 0.6
db:VULHUBid:VHN-118550
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14074 // 
            
            
            
            VULHUB: VHN-118550 // 
            
            
            
            BID: 104875 // 
            
            
            
            JVNDB: JVNDB-2018-008410 // 
            
            
            
            CNNVD: CNNVD-201807-1304 // 
            
            
            
            NVD: CVE-2018-0348

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-sdwan-cmdnjct
Trust: 2.0
url:http://www.securityfocus.com/bid/104875
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-0348
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0348
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-14074 // 
            
            
            
            VULHUB: VHN-118550 // 
            
            
            
            BID: 104875 // 
            
            
            
            JVNDB: JVNDB-2018-008410 // 
            
            
            
            CNNVD: CNNVD-201807-1304 // 
            
            
            
            NVD: CVE-2018-0348

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104875

SOURCES
db:CNVDid:CNVD-2018-14074
db:VULHUBid:VHN-118550
db:BIDid:104875
db:JVNDBid:JVNDB-2018-008410
db:CNNVDid:CNNVD-201807-1304
db:NVDid:CVE-2018-0348

LAST UPDATE DATE
2024-11-23T22:06:41.185000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14074date:2018-07-27T00:00:00
db:VULHUBid:VHN-118550date:2020-08-31T00:00:00
db:BIDid:104875date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008410date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1304date:2020-09-02T00:00:00
db:NVDid:CVE-2018-0348date:2024-11-21T03:38:01.997

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-14074date:2018-07-27T00:00:00
db:VULHUBid:VHN-118550date:2018-07-18T00:00:00
db:BIDid:104875date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008410date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1304date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0348date:2018-07-18T23:29:00.527