CVE-2018-0434
Summary
| CVE | CVE-2018-0434 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-05 14:29:00 UTC |
| Updated | 2019-10-09 23:32:00 UTC |
| Description | A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Application | Cisco | Vmanage Network Management System | - | All | All | All |
| Application | Cisco | Vmanage Network Management System | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco SD-WAN Solution Certificate Validation Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco SD-WAN CVE-2018-0434 Certificate Validation Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.