CVE-2019-1646
Summary
| CVE | CVE-2019-1646 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-24 15:29:00 UTC |
| Updated | 2020-10-05 19:10:00 UTC |
| Description | A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Sd-wan | All | All | All | All |
| Application | Cisco | Sd-wan | All | All | All | All |
| Application | Cisco | Vbond Orchestrator | - | All | All | All |
| Application | Cisco | Vbond Orchestrator | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Application | Cisco | Vmanage Network Management | - | All | All | All |
| Application | Cisco | Vmanage Network Management | - | All | All | All |
| Application | Cisco | Vsmart Controller | - | All | All | All |
| Application | Cisco | Vsmart Controller | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.