CVE-2019-1625

EPSS 0.06%
Veröffentlicht 20.06.2019 03:15:11
Zuletzt bearbeitet 21.11.2024 04:36:57
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Sd-wan Firmware Version < 18.3.6

   Cisco ≫ Vedge-100 Version-
   Cisco ≫ Vedge-1000 Version-
   Cisco ≫ Vedge-2000 Version-
   Cisco ≫ Vedge-5000 Version-
   Cisco ≫ Vedge 100b Version-
   Cisco ≫ Vedge 100m Version-
   Cisco ≫ Vedge 100wm Version-

Cisco ≫ Sd-wan Firmware Version18.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.165

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

http://www.securityfocus.com/bid/108844

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privesca

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1625

EUVD