Denial of Service Vulnerability in Cisco SD-WAN Solution
CVE-2018-0346

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Sd-wan Solution Unknown
Vendor: CVE Published:; 18 July 2018

Summary

A flaw in the Zero Touch Provisioning service of Cisco's SD-WAN Solution allows unauthenticated remote attackers to exploit incorrect bounds checks in packet handling. Attackers can send specifically crafted packets to an affected device, triggering a buffer overflow that causes the device to reload. This results in a temporary denial of service, impacting the availability of services. It is important to note that exploitation occurs solely through traffic intended for the vulnerable device and not through passing traffic. Affected products are any Cisco devices operating pre-18.3.0 versions of the SD-WAN Solution.

Affected Version(s)

Cisco SD-WAN Solution unknown Cisco SD-WAN Solution unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104855

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Nov 27, 2017