
====================================================================


                             CERT-Renater

                  Information Note No. 2018/VULN314
_____________________________________________________________________

DATE                : 03/10/2018

HARDWARE PLATFORM(S): vBond Orchestrator Software,
                      vEdge 100 Series Routers,
                      vEdge 1000 Series Routers,
                      vEdge 2000 Series Routers,
                      vEdge 5000 Series Routers,
                      vEdge Cloud Router Platform,
                      vManage Network Management Software,
                      vSmart Controller Software.

OPERATING SYSTEM(S): Systems running Cisco SD-WAN Solution versions
                     prior to 17.2.8, 18.3.1.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass
_____________________________________________________________________

Cisco Security Advisory: Cisco SD-WAN Solution Certificate Validation
Bypass Vulnerability

Advisory ID: cisco-sa-20181003-sd-wan-bypass

Revision: 1.0

For Public Release: 2018 October 3 16:00 GMT

Last Updated: 2018 October 3 16:00 GMT

CVE ID(s): CVE-2018-15387

CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Cisco SD-WAN Solution could allow an
unauthenticated, remote attacker to bypass certificate validation on an
affected device.

The vulnerability is due to improper certificate validation. An attacker
could exploit this vulnerability by supplying a system image signed with
a crafted certificate to an affected device, bypassing the certificate
validation. An exploit could allow an attacker to deploy a crafted
system image.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================





