CVE-2018-0433

Published: Oct 5, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Affected (8)

Products: Cisco: Vedge 100 Firmware, Vedge 1000 Firmware, Vedge 2000 Firmware, Vedge 5000 Firmware, Vbond Orchestrator, Vedge Cloud Router Platform, Vmanage Network Management System, Vsmart Controller

8 products

Vedge Cloud Router Platform

Vmanage Network Management System

Vsmart Controller

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 100 Firmware	Before 18.3.0

Running on/with	Platform Versions
Cisco Vedge 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 1000 Firmware	Before 18.3.0

Running on/with	Platform Versions
Cisco Vedge 1000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 2000 Firmware	Before 18.3.0

Running on/with	Platform Versions
Cisco Vedge 2000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 5000 Firmware	Before 18.3.0

Running on/with	Platform Versions
Cisco Vedge 5000	All versions

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Vbond Orchestrator	All versions
Cisco Vedge Cloud Router Platform	All versions
Cisco Vmanage Network Management System	All versions
Cisco Vsmart Controller	All versions