CVE-2018-0432

CVE Database · CVE-2018-0432

CVE-2018-0432

· N/AModified

CVSS v3.1

N/A

EPSS

2.63%

Published

Oct 5, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.

Weaknesses (CWE)

CWE-264CWE-78

Affected Products (9)

cisco · vedge_100_firmware (up to 18.3.0)vulnerable

cisco · vedge_100

cisco · vedge_1000_firmware (up to 18.3.0)vulnerable

cisco · vedge_1000

cisco · vedge_2000_firmware (up to 18.3.0)vulnerable

cisco · vedge_2000

cisco · vedge_5000_firmware (up to 18.3.0)vulnerable

cisco · vedge_5000

cisco · vmanage_network_management_systemvulnerable