Executive Summary
Summary | |
---|---|
Title | Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180718-sdwan-fo | First vendor Publication | 2018-07-18 |
Vendor | Cisco | Last vendor Modification | 2018-07-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbT2a+XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczs74P/ROSpNQb5ooSnFdw8CY9hoD057QO Yi1gb334+N9Eqvl5zZa6ry2q5zyPPbQUXpj5hrzo2UM/fcxFVm6q2K9nBKMCTUkd 7oH/wWqn+8wLAgPTwIouQN3nrKURV52fvHFh2cYUqvJUkauUO9aa5uWUfszwzK02 zDun0q29ROlm5OJawbE/R0r1l5y37MgUpy1TeatqI4gy/BnETOfW8Shz14/xneNu 6BP2NKjbgS81bpMQgzgspceA8D3aU10vRVxD6/9KjCzaTfvWkEPlzW9DmiiRPPUS 0ERfaR2U5MmjUm2QXEV0zL4GU0mQLlZrRezYLbLK1OE2DPJj8ZQBmrNQp5P9yUhC q0Vf4fKoXYodyKTYOZwNYdIm7Obk7NeTh088/kI7CQTxP5kB9kPx5SXOCQmPwoFe ts9vS2FfkOLfNSOWPAzy71pkcD5aft6fTYmstfrIdeN4dYJQcSQQF8qCOD6sKdOV 8ThFyHT0MRBctWmPCERUclrko4fQrANwkZqfNxzHmEL13Iv1sk4MDHFbS2diPQsi jmvfwGiQh+H9EoW8tHiMosS/u3gLD6N2DBUHNs6bGQEgC71GPaLIRWhFAVpvzQaJ p0r7vwPoAIS+rX/Km4N03iZPK4fV2RSBTUWEFC7JWuKzgIOgn8kMQSMoKu4OrtaY rmg7hRjbbaCMZrjv =40Hz END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 1 |
Alert History
Date | Informations |
---|---|
2018-09-20 00:21:07 |
|
2018-07-19 05:20:08 |
|
2018-07-18 21:18:51 |
|