CVE-2019-1626Incorrect Authorization in Cisco Sd-wan Solution

CWE-264CWE-863Incorrect Authorization4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 37.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan SolutionCisco Sd-wan Firmware
Timeline
PublishedJun 20
Latest updateMay 24

Description

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and m

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_sd-wan_solutionunspecified18.4.0

🔴Vulnerability Details

2
GHSA
GHSA-x9m6-g325-mjr9: A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privi2022-05-24
CVEList
Cisco SD-WAN Solution Privilege Escalation Vulnerability2019-06-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Privilege Escalation Vulnerability2019-06-19
CVE-2019-1626 — Incorrect Authorization in Cisco | cvebase