cvelistv5 - cve-2018-0345

CVE-2018-0345 (GCVE-0-2018-0345)

Vulnerability from cvelistv5

Published

2018-07-18 23:00

Modified

2024-11-29 14:53

Severity ?

CWE

CWE-20

Summary

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.

References

URL

Tags

	http://www.securityfocus.com/bid/104859	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco SD-WAN Solution unknown	Version: Cisco SD-WAN Solution unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104859",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104859"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:41:36.646505Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T14:53:18.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SD-WAN Solution unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco SD-WAN Solution unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-21T09:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "104859",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104859"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SD-WAN Solution unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco SD-WAN Solution unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104859",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104859"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0345",
    "datePublished": "2018-07-18T23:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-11-29T14:53:18.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/104859\", \"name\": \"104859\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:21:15.478Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-0345\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-29T14:41:36.646505Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-29T14:42:06.948Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Cisco SD-WAN Solution unknown\", \"versions\": [{\"status\": \"affected\", \"version\": \"Cisco SD-WAN Solution unknown\"}]}], \"datePublic\": \"2018-07-18T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/104859\", \"name\": \"104859\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-07-21T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Cisco SD-WAN Solution unknown\"}]}, \"product_name\": \"Cisco SD-WAN Solution unknown\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/104859\", \"name\": \"104859\", \"refsource\": \"BID\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx\", \"name\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-0345\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-0345\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-29T14:53:18.176Z\", \"dateReserved\": \"2017-11-27T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-07-18T23:00:00.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-352

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Webex Meetings Suite (WBS32) - Webex Network Recording Player et Webex Player versions antérieures à WBS32.15
Cisco	N/A	Cisco Webex Meetings Server - Webex Network Recording Player versions antérieures à 3.0MR1
Cisco	N/A	vEdge 1000 Series Routers avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	vBond Orchestrator Software avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	Cisco Nexus 9000 Series Fabric Switches en mode ACI avec une version logicielle 13.0(1k)
Cisco	N/A	Cisco Policy Suite versions antérieures à Release 18.2.0
Cisco	N/A	vManage Network Management Software avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	vEdge Cloud Router Platform avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	Cisco Webex Meetings Suite (WBS31) - Webex Network Recording Player et Webex Player versions antérieures à WBS31.23
Cisco	N/A	Cisco Webex Meetings Suite (WBS33) - Webex Network Recording Player et Webex Player versions antérieures à WBS33.2
Cisco	N/A	vSmart Controller Software avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	vEdge 5000 Series Routers avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	vEdge 2000 Series Routers avec une version de SD-WAN Solution antérieure à 18.3.0
Cisco	N/A	Cisco Webex Meetings Online - Webex Network Recording Player et WebEx Player versions antérieures à 1.3.35
Cisco	N/A	vEdge 100 Series Routers avec une version de SD-WAN Solution antérieure à 18.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-cx du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-webex-rce du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-policy-unauth-access du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-cmdnjct du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-policy-cm-default-psswrd du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-ps-osgi-unauth-access du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-pspb-unauth-access du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-coinj du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-dos du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-fo du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-cmdinj du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180718-sdwan-ci du 18 juillet 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-20180718-nexus-9000-dos du 18 juillet 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Webex Meetings Suite (WBS32) - Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS32.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Server - Webex Network Recording Player versions ant\u00e9rieures \u00e0 3.0MR1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 1000 Series Routers avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vBond Orchestrator Software avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series Fabric Switches en mode ACI avec une version logicielle 13.0(1k)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Policy Suite versions ant\u00e9rieures \u00e0 Release 18.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vManage Network Management Software avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge Cloud Router Platform avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Suite (WBS31) - Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS31.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Suite (WBS33) - Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS33.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vSmart Controller Software avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 5000 Series Routers avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 2000 Series Routers avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Webex Meetings Online - Webex Network Recording Player et WebEx Player versions ant\u00e9rieures \u00e0 1.3.35",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "vEdge 100 Series Routers avec une version de SD-WAN Solution ant\u00e9rieure \u00e0 18.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0376"
    },
    {
      "name": "CVE-2018-0372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0372"
    },
    {
      "name": "CVE-2018-0377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0377"
    },
    {
      "name": "CVE-2018-0348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0348"
    },
    {
      "name": "CVE-2018-0349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0349"
    },
    {
      "name": "CVE-2018-0346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0346"
    },
    {
      "name": "CVE-2018-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0351"
    },
    {
      "name": "CVE-2018-0379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0379"
    },
    {
      "name": "CVE-2018-0374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0374"
    },
    {
      "name": "CVE-2018-0375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0375"
    },
    {
      "name": "CVE-2018-0347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0347"
    },
    {
      "name": "CVE-2018-0350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0350"
    },
    {
      "name": "CVE-2018-0345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0345"
    }
  ],
  "initial_release_date": "2018-07-19T00:00:00",
  "last_revision_date": "2018-07-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-352",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-cx du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-webex-rce du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-policy-unauth-access du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-cmdnjct du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-policy-cm-default-psswrd du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-ps-osgi-unauth-access du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-pspb-unauth-access du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-coinj du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-dos du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-fo du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-cmdinj du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180718-sdwan-ci du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-20180718-nexus-9000-dos du 18 juillet 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0345 (GCVE-0-2018-0345)

Vulnerability from cvelistv5

CERTFR-2018-AVI-352

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature