CVE-2019-12629: Command Injection in Cisco SD-WAN Solution

Severity: 7.2 HIGH (NVD)
EPSS: 0.7% (top 26.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 26; Latest update May 24

Description

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_sd-wan_solution | unspecified | n/a
NVD | cisco/sd-wan_firmware | < 18.3.0

🔴 Vulnerability Details (2)

GHSA: GHSA-r7cm-r8x5-rq3w: A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with (2022-05-24)
CVEList: Cisco SD-WAN vManage Command Injection Vulnerability (2020-01-26)

📋 Vendor Advisories (1)

Cisco: Cisco SD-WAN vManage Command Injection Vulnerability (2020-01-22)