—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability

Advisory ID: cisco-sa-20180718-sdwan-cmdinj

Revision: 1.0

For Public Release: 2018 July 18 16:00 GMT

Last Updated: 2018 July 18 16:00 GMT

CVE ID(s): CVE-2018-0350

CVSS Score v(3): 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page.

The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbT2bAXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczjI4QAKdmUVYozTv/TeiqIcfeLMHmmWNJ
ut286+8QKCKn2OFQgOw5LWGYEiUy/l9fxRQqBlqOBxJ0HWbEcPcRfInMFf3gVdlH
srQO3nkZoYVHf/uAAKdDfuiuwkmldX0CjyZW83JfVJip0A+DzEVQqB/zXOQWG2wf
xjAo8B9WezID0lCDhrsQe3oW5hiysUeNaESTCbV5+o/Ur/roxDSxjevv1hl8DYrX
7dTFLMlKkw3kl8IYIF/DW7B6t30Fjw0TvsOWcI7BHTnj3h5VpeOD4JSksG5b+wee
r2jUXfATxr0ATolx3P4ICqAiHwHlmejHJrexsMl9TZzOxMMO5YY4nPWpFiL1RVQX
sVEvBtBlO1K3tPxtThvVzGH0j2Xo6M4zVzPT3KHige9ytfCBT2C/bzZmnm3QuZw8
TzkOnweII6TFEijQnWVDciCLaFl8CCoxTr84Yxhsdj+v/mqvFezzoXKbPFIwwImv
Q44xub9eBbMC1J63COQrqDnnr5ywxYjM2H1cbayX3vpg1qMioNUuwio5dAIfhg3d
ypLyNjfhMmie+n/U3MICGcu46tkuooAXRHBGqA7bP9qkEYdhfy9rUZZxzHlp+yo8
z7ZHHGghKbGmOr0nOQwEGyf8MtcuRO6/HlNU93wxSVgdD1PqlWOVi7u+El/9vEN7
Kk6/JQKKE6nXSokh
=L6cA
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com