CVE-2019-1950: Initialization of a Resource with an Insecure Default in Cisco IOS XE

Severity: 8.4 HIGH (NVD)
EPSS: 0.4% (top 40.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 19
Latest update: May 24

Description

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running C

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.5 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xe_sd-wan_software, 16.11 and earlier
NVD: cisco/ios_xe, 16.11

🔴 Vulnerability Details (2)

GHSA: GHSA-whgh-2r37-m9vr: A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Fi (2022-05-24)
CVEList: Cisco IOS XE SD-WAN Software Default Credentials Vulnerability (2020-02-19)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE SD-WAN Software Default Credentials Vulnerability (2020-01-22)