Main Vulnerability Database Vulnerabilities #VU17225

Privilege escalation in Cisco SD-WAN - CVE-2019-1646

Published: January 25, 2019

Vulnerability identifier: #VU17225

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1646

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco SD-WAN

Detailed vulnerability description

The vulnerability allows a local authenticated attacker to gain elevated privileges on an affected device.

The vulnerability exists due to user input is not properly sanitized for certain commands at the CLI. A local authenticated attacker can send specially crafted commands to the CLI of an affected device, establish an interactive session with elevated privileges and further compromise the device or obtain additional configuration data from the device.

How to mitigate CVE-2019-1646

Update to version 18.4.0.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal

Privilege escalation in Cisco SD-WAN - CVE-2019-1646

Detailed vulnerability description

How to mitigate CVE-2019-1646

Sources

Please verify you're human