Input validation error in Cisco SD-WAN - CVE-2019-1951

 


Published: August 20, 2019


Vulnerability identifier: #VU20326
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1951
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco SD-WAN

Detailed vulnerability description

The vulnerability allows a remote attacker to inject an arbitrary packet into the network.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted TCP packet with specific characteristics to the target device, bypass the L3 and L4 traffic filters, and inject an arbitrary packet into the network.

This vulnerability affects the following Cisco products if they are running the Cisco SD-WAN Solution:

  • vBond Orchestrator Software
  • vEdge 100 Series Routers
  • vEdge 1000 Series Routers
  • vEdge 2000 Series Routers
  • vEdge 5000 Series Routers
  • vEdge Cloud Router Platform
  • vManage Network Management Software
  • vSmart Controller Software


How to mitigate CVE-2019-1951

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
