CVE-2019-16012
published 2020-03-19

Priority: P265 · high · 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 54.25% (98.9th percentile)

A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.

Affected

3 ranges
Vendor  Product                   Version range  Fixed in
cisco   cisco_vmanage_software
cisco   sd-wan_firmware           < 19.2.2       19.2.2
cisco   sd-wan_solution_vmanage

Detection & IOCs (extracted from sources)

  • Authenticated SQL injection via the vManage web UI — monitor for malicious SQL query patterns in HTTP requests sent to the Cisco SD-WAN vManage web interface by authenticated users
  • The root cause is improper validation of SQL values in the web UI — focus detection on SQL metacharacters/injection payloads in parameters handled by the vManage web UI endpoints
  • Track Cisco bug IDs CSCvr42496 and CSCvs49675 for patch status; unpatched vManage instances should be prioritised for monitoring
  • Exploitation requires prior authentication — ensure vManage web UI access is restricted to trusted, authorised users and monitor for anomalous authenticated sessions preceding unusual database activity
  • No workarounds exist for this vulnerability; patching is the only remediation path
  • Successful exploitation can affect both the underlying database and the operating system, indicating potential for OS-level command execution beyond data exfiltration/modification

CVSS provenance

Source        Version  Score  Severity  Vector
nvd           v3.1     8.1    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd           v3.0     5.4    MEDIUM    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd           v2.0     8.5    HIGH      AV:N/AC:L/Au:S/C:C/I:C/A:N
vendor_cisco           5.4    MEDIUM