[Forgot Password]
Login  Register Subscribe

24437

 
 

132176

 
 

119400

 
 

909

 
 

97120

 
 

144

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2018-0432Date: (C)2018-10-08   (M)2019-01-09


A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 9.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE_INSTANCE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-105296
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation

CWE    1
CWE-264

© SecPod Technologies