CVE-2019-1624
Published 2019-06-20
CVE-2019-1624: A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands…
Priority: P262 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.33% (90.0th percentile)
A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_sd-wan_solution | >= unspecified < 18.4.0 | 18.4.0 |
| cisco | sd-wan | < 18.4.0 | 18.4.0 |
| cisco | sd-wan_solution | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability exists in the vManage Web UI input handling; monitor for crafted/anomalous input submitted to the vManage Web UI by authenticated users that may contain command injection payloads (e.g., shell metacharacters in form fields).
- Successful exploitation results in commands executed with root privileges; alert on unexpected root-level process spawning from the vManage web application process.
- Exploitation requires prior authentication to the vManage device; scope detection efforts to authenticated sessions and monitor for privilege escalation post-login.
- Multiple Cisco bug IDs are associated with this CVE (CSCvi46909, CSCvi59723, CSCvi59724), suggesting the injection surface may span more than one component of the SD-WAN solution.
- No workarounds are available; patching is the only mitigation. Ensure vManage instances are updated to a fixed software version.
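CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 8.8 | HIGH | — |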
Cisco
Cisco SD-WAN Solution Command Injection Vulnerability
vendor_cisco·2019-06-19·CVSS 8.8
CVE-2019-1624 [HIGH] CWE-77 Cisco SD-WAN Solution Command Injection Vulnerability
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201906
Cisco
Cisco SD-WAN Solution Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-1624 Cisco SD-WAN Solution Command Injection Vulnerability
CVSS: 3.0
CWE: CWE-77
Bug IDs: CSCvi46909, CSCvi59723, CSCvi59724
GHSA
GHSA-6378-gp8h-j4xh: A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary co
ghsa_unreviewed·2022-05-24
CVE-2019-1624 [HIGH] CWE-77 GHSA-6378-gp8h-j4xh: A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary co
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-06-20