CVE-2019-1624Command Injection in Cisco Sd-wan Solution

CWE-77Command Injection4 documents4 sources
Severity
8.8HIGHNVD
EPSS
1.7%
top 17.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan SolutionCisco Sd-wan
Timeline
PublishedJun 20
Latest updateMay 24

Description

A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_sd-wan_solutionunspecified18.4.0
NVDcisco/sd-wan< 18.4.0

🔴Vulnerability Details

2
GHSA
GHSA-6378-gp8h-j4xh: A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary co2022-05-24
CVEList
Cisco SD-WAN Solution Command Injection Vulnerability2019-06-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Command Injection Vulnerability2019-06-19
CVE-2019-1624 — Command Injection in Cisco | cvebase