CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-15387

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile27.04th
Published2018年10月5日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

Affected Platforms (CPE)

📦
Cisco

Sd Wan

>= 17.2.0 and < 17.2.8
📦
Cisco

Sd Wan

= 18.3.0

References & Advisories

🔗 http://www.securityfocus.com/bid/105509
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass
🔗 http://www.securityfocus.com/bid/105509
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass

関連する脆弱性情報

CVE-2002-215910.0

Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remot...

CVE-2020-1470110.0

Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported ...

CVE-2020-1460610.0

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versi...

CVE-2011-450110.0

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF5...