CVE-2019-1625

CVE Database · CVE-2019-1625

CVE-2019-1625

· HIGHModified

CVSS v3.1

7.8

EPSS

0.42%

Published

Jun 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-264

Affected Products (9)

cisco · sd-wan_firmware (up to 18.3.6)vulnerable

cisco · sd-wan_firmwarevulnerable

cisco · vedge-100

cisco · vedge-1000

cisco · vedge-2000

cisco · vedge-5000

cisco · vedge_100b