8.8
CVE-2019-1626
- EPSS 0.43%
- Published 20.06.2019 03:15:11
- Last modified 21.11.2024 04:36:57
- Source psirt@cisco.com
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Sd-wan Firmware Version <= 18.3.6
Cisco ≫ Vedge-100 Version-
Cisco ≫ Vedge-1000 Version-
Cisco ≫ Vedge-100b Version-
Cisco ≫ Vedge-2000 Version-
Cisco ≫ Vedge-5000 Version-
Cisco ≫ Vedge 100m Version-
Cisco ≫ Vedge 100wm Version-
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.43% | 0.617 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
psirt@cisco.com | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.