Vulnerability-Lookup

CVE-2018-0434 (GCVE-0-2018-0434)

Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:43

Title

Cisco SD-WAN Solution Certificate Validation Vulnerability

Summary

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Severity ?

No CVSS data available.

CWE

CWE-295

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/105294	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco SD-WAN Solution	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:10.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
          },
          {
            "name": "105294",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105294"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:51:41.912292Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:43:53.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SD-WAN Solution",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
        },
        {
          "name": "105294",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105294"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180905-sd-wan-validation",
        "defect": [
          [
            "CSCvi69940"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco SD-WAN Solution Certificate Validation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
          "ID": "CVE-2018-0434",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SD-WAN Solution Certificate Validation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SD-WAN Solution",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
            },
            {
              "name": "105294",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105294"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180905-sd-wan-validation",
          "defect": [
            [
              "CSCvi69940"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0434",
    "datePublished": "2018-10-05T14:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-11-26T14:43:53.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation\", \"name\": \"20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/105294\", \"name\": \"105294\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:28:10.336Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-0434\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-25T18:51:41.912292Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-25T18:53:27.928Z\"}}], \"cna\": {\"title\": \"Cisco SD-WAN Solution Certificate Validation Vulnerability\", \"source\": {\"defect\": [[\"CSCvi69940\"]], \"advisory\": \"cisco-sa-20180905-sd-wan-validation\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco SD-WAN Solution\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-09-05T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation\", \"name\": \"20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://www.securityfocus.com/bid/105294\", \"name\": \"105294\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-10-07T09:57:02.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.1\"}}, \"source\": {\"defect\": [[\"CSCvi69940\"]], \"advisory\": \"cisco-sa-20180905-sd-wan-validation\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco SD-WAN Solution\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation\", \"name\": \"20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability\", \"refsource\": \"CISCO\"}, {\"url\": \"http://www.securityfocus.com/bid/105294\", \"name\": \"105294\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-295\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-0434\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco SD-WAN Solution Certificate Validation Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2018-09-05T16:00:00-0500\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-0434\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:43:53.131Z\", \"dateReserved\": \"2017-11-27T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-10-05T14:00:00.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-423

Vulnerability from certfr_avis - Published: 2018-09-06 - Updated: 2018-09-06

De multiples vulnérabilités ont été découvertes dans les produits Cisco . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Webex Meetings Suite (WBS33) versions antérieures à WBS33.4
Cisco	N/A	Cisco Umbrella Roaming Module versions antérieures à 4.6.1098
Cisco	N/A	Cisco Webex Teams versions antérieures à 20180417-150803
Cisco	N/A	Cisco Prime Access Registrar Software versions antérieures à 7.3.0.4
Cisco	N/A	vSmart Controller Software avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Webex Meetings versions antérieures à 1.3.37 (disponible à partir du 14 septembre 2018)
Cisco	N/A	Cisco Prime Access Registrar Software versions 8.0.x antérieures à 8.0.1.1
Cisco	N/A	vEdge 2000 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	vBond Orchestrator Software avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Integrated Management Controller (IMC) versions 3.1.x antérieures à 3.1(3a)
Cisco	N/A	vManage Network Management System avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Umbrella Enterprise Roaming Client (ERC) versions antérieures à 2.1.127
Cisco	N/A	vEdge Cloud Router Platform avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Integrated Management Controller (IMC) versions 2.x et 3.0.x antérieures à 3.0(4d)
Cisco	N/A	Cisco Data Center Network Manager versions antérieures à 11.0(1)
Cisco	N/A	vEdge 1000 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Webex Meetings Server versions antérieures à 3.0MR2
Cisco	N/A	Cisco RV130W Wireless-N Multifunction VPN Router versions antérieures à 1.0.3.44
Cisco	N/A	vEdge 5000 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0
Cisco	N/A	Cisco Umbrella API
Cisco	N/A	Cisco Webex Meetings Suite versions antérieures à WBS32.15.20
Cisco	N/A	vEdge 100 Series Routers avec Cisco SD-WAN Solution versions antérieures à 18.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20180905-sd-wan-escalation du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-sd-wan-validation du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-injection du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-umbrella-file-read du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-cdcnm-escalation du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-cpar-dos du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-traversal du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-disclosure du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-cimc-injection du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-sd-wan-injection du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-umbrella-priv du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-webex-id-mod du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-umbrella-api du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-webex-pe du 05 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180905-rv-routers-overflow du 05 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Webex Meetings Suite (WBS33) versions ant\u00e9rieures \u00e0 WBS33.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Umbrella Roaming Module versions ant\u00e9rieures \u00e0 4.6.1098",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Teams versions ant\u00e9rieures \u00e0 20180417-150803",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Access Registrar Software versions ant\u00e9rieures \u00e0 7.3.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vSmart Controller Software avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings versions ant\u00e9rieures \u00e0 1.3.37 (disponible \u00e0 partir du 14 septembre 2018)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Access Registrar Software versions 8.0.x ant\u00e9rieures \u00e0 8.0.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 2000 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vBond Orchestrator Software avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Management Controller (IMC) versions 3.1.x ant\u00e9rieures \u00e0 3.1(3a)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vManage Network Management System avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Umbrella Enterprise Roaming Client (ERC) versions ant\u00e9rieures \u00e0 2.1.127",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge Cloud Router Platform avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Management Controller (IMC) versions 2.x et 3.0.x ant\u00e9rieures \u00e0 3.0(4d)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Data Center Network Manager versions ant\u00e9rieures \u00e0 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 1000 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Server versions ant\u00e9rieures \u00e0 3.0MR2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV130W Wireless-N Multifunction VPN Router versions ant\u00e9rieures \u00e0 1.0.3.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 5000 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Umbrella API",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Suite versions ant\u00e9rieures \u00e0 WBS32.15.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 100 Series Routers avec Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0434"
    },
    {
      "name": "CVE-2018-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0438"
    },
    {
      "name": "CVE-2018-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0433"
    },
    {
      "name": "CVE-2018-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0436"
    },
    {
      "name": "CVE-2018-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0426"
    },
    {
      "name": "CVE-2018-0425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0425"
    },
    {
      "name": "CVE-2018-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0437"
    },
    {
      "name": "CVE-2018-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0423"
    },
    {
      "name": "CVE-2018-0424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0424"
    },
    {
      "name": "CVE-2018-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0421"
    },
    {
      "name": "CVE-2018-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0435"
    },
    {
      "name": "CVE-2018-0430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0430"
    },
    {
      "name": "CVE-2018-0422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0422"
    },
    {
      "name": "CVE-2018-0431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0431"
    },
    {
      "name": "CVE-2018-0432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0432"
    },
    {
      "name": "CVE-2018-0440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0440"
    }
  ],
  "initial_release_date": "2018-09-06T00:00:00",
  "last_revision_date": "2018-09-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-423",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-sd-wan-escalation du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-sd-wan-validation du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-injection du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-umbrella-file-read du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-cdcnm-escalation du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-cpar-dos du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-traversal du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-disclosure du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-cimc-injection du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cimc-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-sd-wan-injection du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-umbrella-priv du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-webex-id-mod du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-umbrella-api du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-webex-pe du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180905-rv-routers-overflow du 05 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow"
    }
  ]
}

CNVD-2018-18789

Vulnerability from cnvd - Published: 2018-09-05

Title

Cisco SD-WAN Solution证书验证漏洞

Description

Cisco vEdge 100 Series Routers等都是美国思科（Cisco）公司的产品。Cisco vEdge 100 Series Routers是一款100系列的路由器产品。vManage Network Management System是一套网络管理系统。SD-WAN Solution是运行在其中的一套网络扩展解决方案。 Cisco SD-WAN Solution 18.3.0之前版本中的Zero Touch Provisioning功能存在安全漏洞，该漏洞源于软件对证书的验证不充分。远程攻击者可借助无效证书利用该漏洞未授权访问敏感数据。

Severity

高

Patch Name

Cisco SD-WAN Solution证书验证漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0434

Impacted products

Name
Cisco SD-WAN Solution < 18.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0434"
    }
  },
  "description": "Cisco vEdge 100 Series Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco vEdge 100 Series Routers\u662f\u4e00\u6b3e100\u7cfb\u5217\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002vManage Network Management System\u662f\u4e00\u5957\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\u3002SD-WAN Solution\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u7f51\u7edc\u6269\u5c55\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco SD-WAN Solution 18.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684Zero Touch Provisioning\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u5bf9\u8bc1\u4e66\u7684\u9a8c\u8bc1\u4e0d\u5145\u5206\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u65e0\u6548\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u654f\u611f\u6570\u636e\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18789",
  "openTime": "2018-09-05",
  "patchDescription": "Cisco vEdge 100 Series Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco vEdge 100 Series Routers\u662f\u4e00\u6b3e100\u7cfb\u5217\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002vManage Network Management System\u662f\u4e00\u5957\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\u3002SD-WAN Solution\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u7f51\u7edc\u6269\u5c55\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco SD-WAN Solution 18.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684Zero Touch Provisioning\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u5bf9\u8bc1\u4e66\u7684\u9a8c\u8bc1\u4e0d\u5145\u5206\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u65e0\u6548\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco SD-WAN Solution\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco SD-WAN Solution \u003c 18.3.0"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0434",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-10",
  "title": "Cisco SD-WAN Solution\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e"
}

GSD-2018-0434

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0434

Aliases

CVE-2018-0434

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0434",
    "description": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",
    "id": "GSD-2018-0434"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0434"
      ],
      "details": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",
      "id": "GSD-2018-0434",
      "modified": "2023-12-13T01:22:25.335391Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
        "ID": "CVE-2018-0434",
        "STATE": "PUBLIC",
        "TITLE": "Cisco SD-WAN Solution Certificate Validation Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco SD-WAN Solution ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "8.1",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-295"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
          },
          {
            "name": "105294",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105294"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20180905-sd-wan-validation",
        "defect": [
          [
            "CSCvi69940"
          ]
        ],
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0434"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
            },
            {
              "name": "105294",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105294"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-10-09T23:32Z",
      "publishedDate": "2018-10-05T14:29Z"
    }
  }
}

GHSA-6QQ2-F6XC-778X

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35

Details

Severity ?

7.4 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",
  "id": "GHSA-6qq2-f6xc-778x",
  "modified": "2022-05-13T01:35:10Z",
  "published": "2022-05-13T01:35:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0434"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-0434

Vulnerability from fkie_nvd - Published: 2018-10-05 14:29 - Updated: 2024-11-21 03:38

Severity ?

7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/105294	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105294	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	vedge_100_firmware	*
cisco	vedge_100	-
cisco	vedge_1000_firmware	*
cisco	vedge_1000	-
cisco	vedge_2000_firmware	*
cisco	vedge_2000	-
cisco	vedge_5000_firmware	*
cisco	vedge_5000	-
cisco	vmanage_network_management_system	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA7EC35-E407-451C-A74C-7E56D802B868",
              "versionEndExcluding": "18.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA91A271-08ED-40C9-885B-D2F67BBF2B7E",
              "versionEndExcluding": "18.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35386A93-1EBF-4347-B916-E915D574AF15",
              "versionEndExcluding": "18.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8AC6B8-A07F-4E52-B2D0-F5EC3061060B",
              "versionEndExcluding": "18.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9794CD-0EE1-4203-A232-9365D4AEE837",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la caracter\u00edstica Zero Touch Provisioning de Cisco SD-WAN Solution podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso no autorizado a datos sensibles utilizando un certificado no v\u00e1lido. Esta vulnerabilidad tambi\u00e9n se debe a la validaci\u00f3n insuficiente de certificados por parte del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un certificado manipulado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante realizar ataques Man-in-the-Middle (MitM) para descifrar informaci\u00f3n confidencial en las conexiones del usuario al software afectado."
    }
  ],
  "id": "CVE-2018-0434",
  "lastModified": "2024-11-21T03:38:13.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-05T14:29:01.700",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105294"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0434 (GCVE-0-2018-0434)

CERTFR-2018-AVI-423

Solution

CNVD-2018-18789

GSD-2018-0434

GHSA-6QQ2-F6XC-778X

FKIE_CVE-2018-0434

Tags

Sightings

Nomenclature