CVE-2019-16011Command Injection in Cisco IOS XE Sd-wan Software

CWE-77Command InjectionCWE-20Improper Input Validation5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 72.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Sd-wan SoftwareCisco IOS XE
Timeline
PublishedApr 29
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root priv

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_sd-wan_softwareunspecified17.2.1r
NVDcisco/ios_xe16.1217.2.1r+5

🔴Vulnerability Details

2
GHSA
GHSA-6xvj-hfc5-c4v6: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed2022-05-24
CVEList
Cisco IOS XE SD-WAN Software Command Injection Vulnerability2020-04-29

📋Vendor Advisories

1
Cisco
Cisco IOS XE SD-WAN Software Command Injection Vulnerability2020-04-29
CVE-2019-16011 — Command Injection in Cisco | cvebase