Multiple vulnerabilities in Cisco SD-WAN
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2019-1647 CVE-2019-1648 CVE-2019-1650 CVE-2019-1646 CVE-2019-1651 |
| CWE-ID | CWE-264 CWE-20 CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco SD-WAN Client/Desktop applications / Virtualization software |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU17222
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1647
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to an insecure default configuration. An adjacent authenticated attacker can directly connect to the exposed services to retrieve and modify critical system files.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco SD-WAN: 18.3.0
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Privilege escalation
EUVDB-ID: #VU17223
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1648
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to gain elevated privileges on an affected device.
The vulnerability exists due to a failure to properly validate certain parameters included within the group configuration. A local authenticated attacker can write a specially crafted file to the directory where the user group configuration is located in the underlying operating system and gain root-level privileges and take full control of the device.
MitigationUpdate to version 18.4.0.
Vulnerable software versionsCisco SD-WAN: All versions
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU17224
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1650
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on an affected device.
The vulnerability exists due to improper input validation of the save command in the CLI of the affected software. A remote authenticated attacker can modify the save command in the CLI of an affected device, overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.
MitigationUpdate to version 18.4.0.
Vulnerable software versionsCisco SD-WAN: All versions
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU17225
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1646
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to gain elevated privileges on an affected device.
The vulnerability exists due to user input is not properly sanitized for certain commands at the CLI. A local authenticated attacker can send specially crafted commands to the CLI of an affected device, establish an interactive session with elevated privileges and further compromise the device or obtain additional configuration data from the device.
MitigationUpdate to version 18.4.0.
Vulnerable software versionsCisco SD-WAN: All versions
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU17226
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-1651
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on an affected device.
The vulnerability exists due to improper bounds checking by the vContainer. A remote authenticated attacker can send a malicious file to an affected vContainer instance, trigger a buffer overflow condition on the affected vContainer and cause the service to crash or execute arbitrary code as the root user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 18.4.0.
Vulnerable software versionsCisco SD-WAN: All versions
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
