CVE-2018-15387— Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability

Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.

N/A

输入验证不恰当

Cisco SD-WAN Solution 输入验证错误漏洞

Cisco vEdge 100 Series Routers等都是美国思科（Cisco）公司的不同系列的路由器产品。SD-WAN Solution是运行在其中的一套网络扩展解决方案。 Cisco SD-WAN Solution 17.2.8之前版本和18.3.1之前版本中存在输入验证漏洞，该漏洞源于程序没有正确的验证证书。远程攻击者可通过向受影响的设备提交使用特制证书所签名的系统镜像利用该漏洞绕过证书检测，部署特制的系统镜像。以下产品受到影响：Cisco vBond Orchestrator Softwa

N/A

N/A