Lucene search
PRIOn knowledge basePRION:CVE-2018-0434HistoryOct 05, 2018 - 2:29 p.m.
Design/Logic Flaw
2018-10-0514:29:00
PRIOn knowledge base
www.prio-n.com
5
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vedge_1000_firmware | lt | 18.3.0 | |
| vedge_100_firmware | lt | 18.3.0 | |
| vedge_2000_firmware | lt | 18.3.0 | |
| vedge_5000_firmware | lt | 18.3.0 |
Related
cve
cve
CVE-2018-0434
2018-10-05 14:29:01
nvd
nvd
CVE-2018-0434
2018-10-05 14:29:01
cisco
cisco
Cisco SD-WAN Solution Certificate Validation Vulnerability
2018-09-05 16:00:00
cvelist
cvelist
CVE-2018-0434 Cisco SD-WAN Solution Certificate Validation Vulnerability
2018-09-05 00:00:00