CVE-2019-1950

CVE Database · CVE-2019-1950

CVE-2019-1950

· HIGHModified

CVSS v3.1

8.4

EPSS

0.33%

Published

Feb 19, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-255CWE-1188

Affected Products (34)

cisco · ios_xevulnerable

cisco · 1100-4p_integrated_services_router

cisco · 1100-8p_integrated_services_router

cisco · 1101-4p_integrated_services_router

cisco · 1109-2p_integrated_services_router

cisco · 1109-4p_integrated_services_router

cisco · 1111x-8p_integrated_services_router

cisco · 4221_integrated_services_router

cisco · 4331_integrated_services_router

cisco · 4431_integrated_services_router

cisco · 4461_integrated_services_router

cisco · asr_1000-x

· asr_1001-hx

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs