Main Vulnerability Database Vulnerabilities #VU17224

Privilege escalation in Cisco SD-WAN - CVE-2019-1650

Published: January 25, 2019

Vulnerability identifier: #VU17224

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1650

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco SD-WAN

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on an affected device.

The vulnerability exists due to improper input validation of the save command in the CLI of the affected software. A remote authenticated attacker can modify the save command in the CLI of an affected device, overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

How to mitigate CVE-2019-1650

Update to version 18.4.0.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write

Privilege escalation in Cisco SD-WAN - CVE-2019-1650

Detailed vulnerability description

How to mitigate CVE-2019-1650

Sources

Please verify you're human