—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco SD-WAN Solution Certificate Validation Vulnerability
Advisory ID: cisco-sa-20180905-sd-wan-validation
Revision: 1.0
For Public Release: 2018 September 5 16:00 GMT
Last Updated: 2018 September 5 16:00 GMT
CVE ID(s): CVE-2018-0434
CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.
The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbkADGXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczkfcQANLjgUx5ebv04q+MdA3D3qgsTcwS
RdzBjA3r2RuGivwLoxsBKX3FNxqGJwpS9nZCbfmGQ4UYfk5qRQ9yr4YXL7XbXuOc
RZG+pvscvcTfSEkjcPXa16NWgRKNnPWFeFmHC0NIvj3jJrTq3zzMePmvetAvWK3l
0SrWxafKKXvUdtHwELXTJXucmssrWDq1mAcB1XuxBiUJeP518/6bxcCBY2o340Vw
jzQWZ1kZ4bi7L05dbJ8V5ombf2TDtabwpkW20joAJxeMVjZ11i7Fkoff9SsTurLd
HJy02KZnC6TTZmttp8JZBACmCgGssEUvWmiRyGQl2R9ud2knSPSDoXSchiXDuvEJ
jWJtt2cyX0Sn4RmuI5M+xKMwN/J6W/yjwIvzxMbJ5u2gejrf9OTVs1D90f0rPQuM
jZ8oXa93OOVyK//i8AR2n3rgbFzwJQnezdhnCcG+5k5BPmz2/DperCTLyTfKCFfT
GCIF/FgwyjHqLITmM1sx/1fnmYjGHt5C+yL+edaa6uxS2hgEskCq8t4te9MSfcEG
Ugduk5wHGMjGu76kO8vRNVDT5oVLmB3poM41/YU+1UayYDwFUEqGYNhnd0NcazE6
PKBcwteZb9ZCbuhQc7UO0ykiuW2Pvynn5oALFx3DqANknGSi22zrWi9JUpRjdHVD
5epW2CPU/RtyVqWe
=Jbiv
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com