CVE-2019-1648
Last modified
CVE-2019-1648 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vedge 100 Firmware | All versions |
| Cisco | Vedge 1000 Firmware | All versions |
| Cisco | Vedge 2000 Firmware | All versions |
| Cisco | Vedge 5000 Firmware | All versions |
| Cisco | Sd-Wan | < 18.4.0 |
| Cisco | Vbond Orchestrator | All versions |
| Cisco | Vmanage Network Management | All versions |
| Cisco | Vsmart Controller | All versions |
References
- http://www.securityfocus.com/bid/106719Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/106719Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1648?
How severe is CVE-2019-1648?
How do I fix CVE-2019-1648?
Are you affected by CVE-2019-1648?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST