CVE-2019-1625
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/06/2019
Last modified:
12/08/2021
Description
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:* | 18.3.6 (excluding) | |
| cpe:2.3:o:cisco:sd-wan_firmware:18.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page