Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1646

A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.

Published

2019-01-24T15:29:00.643

Last Modified

2024-11-21T04:37:00.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-264
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco vedge_100_firmware * Yes
Hardware cisco vedge_100 - No
Operating System cisco vedge_1000_firmware * Yes
Hardware cisco vedge_1000 - No
Operating System cisco vedge_2000_firmware * Yes
Hardware cisco vedge_2000 - No
Operating System cisco vedge_5000_firmware * Yes
Hardware cisco vedge_5000 - No
Application cisco sd-wan < 18.4.0 Yes
Application cisco vbond_orchestrator - Yes
Application cisco vmanage_network_management - Yes
Application cisco vsmart_controller - Yes
References