Command Injection Vulnerability in Cisco SD-WAN Solution's Tcpdump Utility
CVE-2018-0351

7.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Sd-wan Solution Unknown
Vendor
CVE Published:
18 July 2018

Summary

A command injection vulnerability exists in the tcpdump utility of the Cisco SD-WAN Solution due to inadequate input validation. An authenticated local attacker could exploit this flaw by submitting specially crafted input to the tcpdump, resulting in the execution of arbitrary commands with root privileges. This vulnerability affects various Cisco SD-WAN products prior to Release 18.3.0. Attackers must first authenticate to the device to leverage this vulnerability, allowing them to potentially compromise system integrity.

Affected Version(s)

Cisco SD-WAN Solution unknown Cisco SD-WAN Solution unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104860
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.