Vulnerability Details CVE-2018-0432
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 83.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2018-0432
-
cpe:2.3:a:cisco:vmanage_network_management_system:-
-
cpe:2.3:h:cisco:vedge_1000:-
-
cpe:2.3:h:cisco:vedge_100:-
-
cpe:2.3:h:cisco:vedge_2000:-
-
cpe:2.3:h:cisco:vedge_5000:-
-
cpe:2.3:o:cisco:vedge_1000_firmware:-
-
cpe:2.3:o:cisco:vedge_1000_firmware:16.9
-
cpe:2.3:o:cisco:vedge_1000_firmware:16.9.1
-
cpe:2.3:o:cisco:vedge_1000_firmware:16.9.3
-
cpe:2.3:o:cisco:vedge_100_firmware:-
-
cpe:2.3:o:cisco:vedge_2000_firmware:-
-
cpe:2.3:o:cisco:vedge_5000_firmware:-