CVE-2019-1647Improper Access Control in Cisco Sd-wan

CWE-284Improper Access Control4 documents4 sources
Severity
8.0HIGHNVD
EPSS
0.9%
top 25.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wanCisco Sd-wan Solution
Timeline
PublishedJan 24
Latest updateMay 13

Description

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan< 18.4.0

🔴Vulnerability Details

2
GHSA
GHSA-hgf8-22gv-6hjf: A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized acc2022-05-13
CVEList
Cisco SD-WAN Solution Unauthorized Access Vulnerability2019-01-24

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Unauthorized Access Vulnerability2019-01-23
CVE-2019-1647 — Improper Access Control in Cisco Sd-wan | cvebase