CVE-2018-0433
Summary
| CVE | CVE-2018-0433 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-05 14:29:00 UTC |
| Updated | 2020-08-28 18:46:00 UTC |
| Description | A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Vbond Orchestrator | - | All | All | All |
| Application | Cisco | Vbond Orchestrator | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Application | Cisco | Vedge Cloud Router Platform | - | All | All | All |
| Application | Cisco | Vedge Cloud Router Platform | - | All | All | All |
| Application | Cisco | Vmanage Network Management System | - | All | All | All |
| Application | Cisco | Vmanage Network Management System | - | All | All | All |
| Application | Cisco | Vsmart Controller | - | All | All | All |
| Application | Cisco | Vsmart Controller | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco SD-WAN CVE-2018-0433 Local Command Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco SD-WAN Solution Command Injection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.