CVE-2019-1625

EPSS 0.06%
Published 20.06.2019 03:15:11
Last modified 21.11.2024 04:36:57
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.

Affected products Warnungen 0 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Sd-wan Firmware Version < 18.3.6

   Cisco ≫ Vedge-100 Version-
   Cisco ≫ Vedge-1000 Version-
   Cisco ≫ Vedge-2000 Version-
   Cisco ≫ Vedge-5000 Version-
   Cisco ≫ Vedge 100b Version-
   Cisco ≫ Vedge 100m Version-
   Cisco ≫ Vedge 100wm Version-

Cisco ≫ Sd-wan Firmware Version18.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.165

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

http://www.securityfocus.com/bid/108844

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privesca

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1625

EUVD