—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
Advisory ID: cisco-sa-20180718-sdwan-fo
Revision: 1.0
For Public Release: 2018 July 18 16:00 GMT
Last Updated: 2018 July 18 16:00 GMT
CVE ID(s): CVE-2018-0349
CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
+———————————————————————
Summary
=======
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.
The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbT2a+XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczs74P/ROSpNQb5ooSnFdw8CY9hoD057QO
Yi1gb334+N9Eqvl5zZa6ry2q5zyPPbQUXpj5hrzo2UM/fcxFVm6q2K9nBKMCTUkd
7oH/wWqn+8wLAgPTwIouQN3nrKURV52fvHFh2cYUqvJUkauUO9aa5uWUfszwzK02
zDun0q29ROlm5OJawbE/R0r1l5y37MgUpy1TeatqI4gy/BnETOfW8Shz14/xneNu
6BP2NKjbgS81bpMQgzgspceA8D3aU10vRVxD6/9KjCzaTfvWkEPlzW9DmiiRPPUS
0ERfaR2U5MmjUm2QXEV0zL4GU0mQLlZrRezYLbLK1OE2DPJj8ZQBmrNQp5P9yUhC
q0Vf4fKoXYodyKTYOZwNYdIm7Obk7NeTh088/kI7CQTxP5kB9kPx5SXOCQmPwoFe
ts9vS2FfkOLfNSOWPAzy71pkcD5aft6fTYmstfrIdeN4dYJQcSQQF8qCOD6sKdOV
8ThFyHT0MRBctWmPCERUclrko4fQrANwkZqfNxzHmEL13Iv1sk4MDHFbS2diPQsi
jmvfwGiQh+H9EoW8tHiMosS/u3gLD6N2DBUHNs6bGQEgC71GPaLIRWhFAVpvzQaJ
p0r7vwPoAIS+rX/Km4N03iZPK4fV2RSBTUWEFC7JWuKzgIOgn8kMQSMoKu4OrtaY
rmg7hRjbbaCMZrjv
=40Hz
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com