8.4
CVE-2019-1950
- EPSS 0.39%
- Veröffentlicht 19.02.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 04:37:45
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Ios Xe Version <= 16.11
Cisco ≫ 1100-4p Integrated Services Router Version-
Cisco ≫ 1100-8p Integrated Services Router Version-
Cisco ≫ 1101-4p Integrated Services Router Version-
Cisco ≫ 1109-2p Integrated Services Router Version-
Cisco ≫ 1109-4p Integrated Services Router Version-
Cisco ≫ 1111x-8p Integrated Services Router Version-
Cisco ≫ 4221 Integrated Services Router Version-
Cisco ≫ 4331 Integrated Services Router Version-
Cisco ≫ 4431 Integrated Services Router Version-
Cisco ≫ 4461 Integrated Services Router Version-
Cisco ≫ Asr 1000-x Version-
Cisco ≫ Asr 1001-hx Version-
Cisco ≫ Asr 1002-hx Version-
Cisco ≫ Asr 1002-x Version-
Cisco ≫ Asr 1004 Version-
Cisco ≫ Asr 1006 Version-
Cisco ≫ Asr 1006-x Version-
Cisco ≫ Asr 1009-x Version-
Cisco ≫ Asr 1013 Version-
Cisco ≫ Csr1000v Version-
Cisco ≫ Ir1101 Version-
Cisco ≫ Nexus 56128p Version-
Cisco ≫ Nexus 5624q Version-
Cisco ≫ Nexus 5648q Version-
Cisco ≫ Nexus 5672up Version-
Cisco ≫ Nexus 5672up-16g Version-
Cisco ≫ Nexus 5696q Version-
Cisco ≫ Ucs-e1120d-m3 Version-
Cisco ≫ Ucs-e140s-m2 Version-
Cisco ≫ Ucs-e160d-m2 Version-
Cisco ≫ Ucs-e160s-m3 Version-
Cisco ≫ Ucs-e180d-m2 Version-
Cisco ≫ Ucs-e180d-m3 Version-
Cisco ≫ 1100-8p Integrated Services Router Version-
Cisco ≫ 1101-4p Integrated Services Router Version-
Cisco ≫ 1109-2p Integrated Services Router Version-
Cisco ≫ 1109-4p Integrated Services Router Version-
Cisco ≫ 1111x-8p Integrated Services Router Version-
Cisco ≫ 4221 Integrated Services Router Version-
Cisco ≫ 4331 Integrated Services Router Version-
Cisco ≫ 4431 Integrated Services Router Version-
Cisco ≫ 4461 Integrated Services Router Version-
Cisco ≫ Asr 1000-x Version-
Cisco ≫ Asr 1001-hx Version-
Cisco ≫ Asr 1002-hx Version-
Cisco ≫ Asr 1002-x Version-
Cisco ≫ Asr 1004 Version-
Cisco ≫ Asr 1006 Version-
Cisco ≫ Asr 1006-x Version-
Cisco ≫ Asr 1009-x Version-
Cisco ≫ Asr 1013 Version-
Cisco ≫ Csr1000v Version-
Cisco ≫ Ir1101 Version-
Cisco ≫ Nexus 56128p Version-
Cisco ≫ Nexus 5624q Version-
Cisco ≫ Nexus 5648q Version-
Cisco ≫ Nexus 5672up Version-
Cisco ≫ Nexus 5672up-16g Version-
Cisco ≫ Nexus 5696q Version-
Cisco ≫ Ucs-e1120d-m3 Version-
Cisco ≫ Ucs-e140s-m2 Version-
Cisco ≫ Ucs-e160d-m2 Version-
Cisco ≫ Ucs-e160s-m3 Version-
Cisco ≫ Ucs-e180d-m2 Version-
Cisco ≫ Ucs-e180d-m3 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.59 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.