CVE-2019-1625

Name: CVE-2019-1625
Creator: NVD / NIST
Published: 2019-06-20T03:15:11.37+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.42%

Last modified Jun 17, 2026

CVE-2019-1625 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.42%

33.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Cisco	Sd-Wan Firmware	< 18.3.6
Cisco	Sd-Wan Firmware	18.4.0

References

http://www.securityfocus.com/bid/108844Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privescaVendor Advisory
http://www.securityfocus.com/bid/108844Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privescaVendor Advisory

Timeline

Published: Jun 20, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-1625?

How severe is CVE-2019-1625?

CVE-2019-1625 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.

How do I fix CVE-2019-1625?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1625?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST