CVE-2019-1625 — Cisco Sd-wan Solution vulnerability

CWE-2644 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 80.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Solution Cisco Sd-wan Firmware

Timeline

PublishedJun 20

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_sd-wan_solutionunspecified — 18.3.6

▶NVDcisco/sd-wan_firmware< 18.3.6+1

🔴Vulnerability Details

GHSA

GHSA-mf76-jwrw-cxr8: A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on↗2022-05-24

▶

CVEList

Cisco SD-WAN Solution Privilege Escalation Vulnerability↗2019-06-20

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Solution Privilege Escalation Vulnerability↗2019-06-19

▶