Vedge 100 Firmware
CVE-2018-0433
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
AnalysisAI
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. Affected products include: Cisco Vedge 100 Firmware, Cisco Vedge 1000 Firmware, Cisco Vedge 2000 Firmware, Cisco Vedge 5000 Firmware, Cisco Vbond Orchestrator.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Vedge 100 Firmware
View allA vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacke
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote att
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated,
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, r
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privil
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary com
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacke
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate p
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local att
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today