Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
Informations
Name cisco-sa-20180718-sdwan-fo First vendor Publication 2018-07-18
Vendor Cisco Last vendor Modification 2018-07-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.

The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbT2a+XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczs74P/ROSpNQb5ooSnFdw8CY9hoD057QO Yi1gb334+N9Eqvl5zZa6ry2q5zyPPbQUXpj5hrzo2UM/fcxFVm6q2K9nBKMCTUkd 7oH/wWqn+8wLAgPTwIouQN3nrKURV52fvHFh2cYUqvJUkauUO9aa5uWUfszwzK02 zDun0q29ROlm5OJawbE/R0r1l5y37MgUpy1TeatqI4gy/BnETOfW8Shz14/xneNu 6BP2NKjbgS81bpMQgzgspceA8D3aU10vRVxD6/9KjCzaTfvWkEPlzW9DmiiRPPUS 0ERfaR2U5MmjUm2QXEV0zL4GU0mQLlZrRezYLbLK1OE2DPJj8ZQBmrNQp5P9yUhC q0Vf4fKoXYodyKTYOZwNYdIm7Obk7NeTh088/kI7CQTxP5kB9kPx5SXOCQmPwoFe ts9vS2FfkOLfNSOWPAzy71pkcD5aft6fTYmstfrIdeN4dYJQcSQQF8qCOD6sKdOV 8ThFyHT0MRBctWmPCERUclrko4fQrANwkZqfNxzHmEL13Iv1sk4MDHFbS2diPQsi jmvfwGiQh+H9EoW8tHiMosS/u3gLD6N2DBUHNs6bGQEgC71GPaLIRWhFAVpvzQaJ p0r7vwPoAIS+rX/Km4N03iZPK4fV2RSBTUWEFC7JWuKzgIOgn8kMQSMoKu4OrtaY rmg7hRjbbaCMZrjv =40Hz END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1
Application 1
Application 1

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-09-20 00:21:07
  • Multiple Updates
2018-07-19 05:20:08
  • Multiple Updates
2018-07-18 21:18:51
  • First insertion