Lucene search
CiscoCVELIST:CVE-2018-0434HistorySep 05, 2018 - 12:00 a.m.
CVE-2018-0434 Cisco SD-WAN Solution Certificate Validation Vulnerability
2018-09-0500:00:00
CWE-295
cisco
www.cve.org
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
CNA Affected
[
{
"product": "Cisco SD-WAN Solution ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2018-10-05 14:29:00
cve
cve
CVE-2018-0434
2018-10-05 14:29:01
nvd
nvd
CVE-2018-0434
2018-10-05 14:29:01
cisco
cisco
Cisco SD-WAN Solution Certificate Validation Vulnerability
2018-09-05 16:00:00