CVE-2019-1650Improper Input Validation in Cisco Sd-wan

CWE-20Improper Input ValidationCWE-78OS Command Injection5 documents5 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 23.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wanCisco Sd-wan Solution
Timeline
PublishedJan 24
Latest updateMay 13

Description

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan< 18.4.0

🔴Vulnerability Details

2
GHSA
GHSA-wchj-88hf-ghm5: A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating sy2022-05-13
CVEList
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability2019-01-24

💥Exploits & PoCs

1
Exploit-DB
Inteno IOPSYS Gateway - Improper Access Restrictions2019-09-16

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability2019-01-23
CVE-2019-1650 — Improper Input Validation in Cisco | cvebase