CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15387

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile27.04th
PublishedOct 5, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

Affected Platforms (CPE)

πŸ“¦
Cisco

Sd Wan

>= 17.2.0 and < 17.2.8
πŸ“¦
Cisco

Sd Wan

= 18.3.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/105509
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass
πŸ”— http://www.securityfocus.com/bid/105509
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass

Related Vulnerabilities

CVE-2002-215910.0

Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remot...

CVE-2020-1470110.0

Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported ...

CVE-2020-1460610.0

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versi...

CVE-2011-450110.0

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF5...