Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1950

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

Published

2020-02-19T20:15:14.410

Last Modified

2024-11-21T04:37:45.133

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-255
Type: Primary
CWE-1188

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	≤ 16.11	Yes
Hardware	cisco	1100-4p_integrated_services_router	-	No
Hardware	cisco	1100-8p_integrated_services_router	-	No
Hardware	cisco	1101-4p_integrated_services_router	-	No
Hardware	cisco	1109-2p_integrated_services_router	-	No
Hardware	cisco	1109-4p_integrated_services_router	-	No
Hardware	cisco	1111x-8p_integrated_services_router	-	No
Hardware	cisco	4221_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Hardware	cisco	4461_integrated_services_router	-	No
Hardware	cisco	asr_1000-x	-	No
Hardware	cisco	asr_1001-hx	-	No
Hardware	cisco	asr_1002-hx	-	No
Hardware	cisco	asr_1002-x	-	No
Hardware	cisco	asr_1004	-	No
Hardware	cisco	asr_1006	-	No
Hardware	cisco	asr_1006-x	-	No
Hardware	cisco	asr_1009-x	-	No
Hardware	cisco	asr_1013	-	No
Hardware	cisco	csr1000v	-	No
Hardware	cisco	ir1101	-	No
Hardware	cisco	nexus_56128p	-	No
Hardware	cisco	nexus_5624q	-	No
Hardware	cisco	nexus_5648q	-	No
Hardware	cisco	nexus_5672up	-	No
Hardware	cisco	nexus_5672up-16g	-	No
Hardware	cisco	nexus_5696q	-	No
Hardware	cisco	ucs-e1120d-m3	-	No
Hardware	cisco	ucs-e140s-m2	-	No
Hardware	cisco	ucs-e160d-m2	-	No
Hardware	cisco	ucs-e160s-m3	-	No
Hardware	cisco	ucs-e180d-m2	-	No
Hardware	cisco	ucs-e180d-m3	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)