You are here
Home > Preporuke > Ranjivost Cisco SD-WAN Solution proizvoda

Ranjivost Cisco SD-WAN Solution proizvoda

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco SD-WAN Solution Certificate Validation Vulnerability

Advisory ID: cisco-sa-20180905-sd-wan-validation

Revision: 1.0

For Public Release: 2018 September 5 16:00 GMT

Last Updated: 2018 September 5 16:00 GMT

CVE ID(s): CVE-2018-0434

CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.

The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbkADGXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczkfcQANLjgUx5ebv04q+MdA3D3qgsTcwS
RdzBjA3r2RuGivwLoxsBKX3FNxqGJwpS9nZCbfmGQ4UYfk5qRQ9yr4YXL7XbXuOc
RZG+pvscvcTfSEkjcPXa16NWgRKNnPWFeFmHC0NIvj3jJrTq3zzMePmvetAvWK3l
0SrWxafKKXvUdtHwELXTJXucmssrWDq1mAcB1XuxBiUJeP518/6bxcCBY2o340Vw
jzQWZ1kZ4bi7L05dbJ8V5ombf2TDtabwpkW20joAJxeMVjZ11i7Fkoff9SsTurLd
HJy02KZnC6TTZmttp8JZBACmCgGssEUvWmiRyGQl2R9ud2knSPSDoXSchiXDuvEJ
jWJtt2cyX0Sn4RmuI5M+xKMwN/J6W/yjwIvzxMbJ5u2gejrf9OTVs1D90f0rPQuM
jZ8oXa93OOVyK//i8AR2n3rgbFzwJQnezdhnCcG+5k5BPmz2/DperCTLyTfKCFfT
GCIF/FgwyjHqLITmM1sx/1fnmYjGHt5C+yL+edaa6uxS2hgEskCq8t4te9MSfcEG
Ugduk5wHGMjGu76kO8vRNVDT5oVLmB3poM41/YU+1UayYDwFUEqGYNhnd0NcazE6
PKBcwteZb9ZCbuhQc7UO0ykiuW2Pvynn5oALFx3DqANknGSi22zrWi9JUpRjdHVD
5epW2CPU/RtyVqWe
=Jbiv
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Ranjivost Cisco SD-WAN Solution proizvoda

Otkrivena je ranjivost u sučelju naredbenog retka kod Cisco SD-WAN Solution proizvoda uzrokovana nedostatnom provjerom unosa. Ranjivost potencijalnim autenticiranim napadačima...

Close