Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0434

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Published

2018-10-05T14:29:01.700

Last Modified

2024-11-21T03:38:13.330

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

4.9

Weaknesses
  • Type: Secondary
    CWE-295
  • Type: Primary
    CWE-295
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco vedge_100_firmware < 18.3.0 Yes
Hardware cisco vedge_100 - No
Operating System cisco vedge_1000_firmware < 18.3.0 Yes
Hardware cisco vedge_1000 - No
Operating System cisco vedge_2000_firmware < 18.3.0 Yes
Hardware cisco vedge_2000 - No
Operating System cisco vedge_5000_firmware < 18.3.0 Yes
Hardware cisco vedge_5000 - No
Application cisco vmanage_network_management_system - Yes
References