Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1650

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

Published

2019-01-24T15:29:00.830

Last Modified

2024-11-21T04:37:00.823

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-78
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco vedge_100_firmware * Yes
Hardware cisco vedge_100 - No
Operating System cisco vedge_1000_firmware * Yes
Hardware cisco vedge_1000 - No
Operating System cisco vedge_2000_firmware * Yes
Hardware cisco vedge_2000 - No
Operating System cisco vedge_5000_firmware * Yes
Hardware cisco vedge_5000 - No
Application cisco sd-wan < 18.4.0 Yes
Application cisco vbond_orchestrator - Yes
Application cisco vmanage_network_management - Yes
Application cisco vsmart_controller - Yes
References