CVE-2019-1648Improper Input Validation in Cisco Sd-wan

CWE-264CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 80.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wanCisco Sd-wan Solution
Timeline
PublishedJan 24
Latest updateMay 13

Description

A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the a

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan< 18.4.0

🔴Vulnerability Details

2
GHSA
GHSA-2249-5x8x-97jc: A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges2022-05-13
CVEList
Cisco SD-WAN Solution Privilege Escalation Vulnerability2019-01-24

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Privilege Escalation Vulnerability2019-01-23
CVE-2019-1648 — Improper Input Validation in Cisco | cvebase