Lucene search

[email protected]NVD:CVE-2018-0434

HistoryOct 05, 2018 - 2:29 p.m.

CVE-2018-0434

2018-10-0514:29:01

CWE-295

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Affected configurations

Nvd

Node

ciscovedge_100_firmwareRange<18.3.0

AND

ciscovedge_100Match-

Node

ciscovedge_1000_firmwareRange<18.3.0

AND

ciscovedge_1000Match-

Node

ciscovedge_2000_firmwareRange<18.3.0

AND

ciscovedge_2000Match-

Node

ciscovedge_5000_firmwareRange<18.3.0

AND

ciscovedge_5000Match-

Node

ciscovmanage_network_management_systemMatch-

VendorProductVersionCPE
ciscovedge_100_firmware*cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*
ciscovedge_100-cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
ciscovedge_1000_firmware*cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*
ciscovedge_1000-cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
ciscovedge_2000_firmware*cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*
ciscovedge_2000-cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*
ciscovedge_5000_firmware*cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*
ciscovedge_5000-cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*
ciscovmanage_network_management_system-cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	vedge_100_firmware	*	cpe:2.3:o:cisco:vedge_100_firmware::::::::
cisco	vedge_100	-	cpe:2.3:h:cisco:vedge_100:-:::::::*
cisco	vedge_1000_firmware	*	cpe:2.3:o:cisco:vedge_1000_firmware::::::::
cisco	vedge_1000	-	cpe:2.3:h:cisco:vedge_1000:-:::::::*
cisco	vedge_2000_firmware	*	cpe:2.3:o:cisco:vedge_2000_firmware::::::::
cisco	vedge_2000	-	cpe:2.3:h:cisco:vedge_2000:-:::::::*
cisco	vedge_5000_firmware	*	cpe:2.3:o:cisco:vedge_5000_firmware::::::::
cisco	vedge_5000	-	cpe:2.3:h:cisco:vedge_5000:-:::::::*
cisco	vmanage_network_management_system	-	cpe:2.3:a:cisco:vmanage_network_management_system:-:::::::*

References

www.securityfocus.com/bid/105294

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Related for NVD:CVE-2018-0434

prion1 cve1 cvelist1 cisco1