CVE-2019-1650
Summary
| CVE | CVE-2019-1650 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-24 15:29:00 UTC |
| Updated | 2020-10-05 19:28:00 UTC |
| Description | A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Sd-wan | All | All | All | All |
| Application | Cisco | Sd-wan | All | All | All | All |
| Application | Cisco | Vbond Orchestrator | - | All | All | All |
| Application | Cisco | Vbond Orchestrator | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 100 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Hardware | Cisco | Vedge 1000 | - | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 1000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 100 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Hardware | Cisco | Vedge 2000 | - | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 2000 Firmware | All | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Hardware | Cisco | Vedge 5000 | - | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Operating System | Cisco | Vedge 5000 Firmware | All | All | All | All |
| Application | Cisco | Vmanage Network Management | - | All | All | All |
| Application | Cisco | Vmanage Network Management | - | All | All | All |
| Application | Cisco | Vsmart Controller | - | All | All | All |
| Application | Cisco | Vsmart Controller | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco SD-WAN CVE-2019-1650 Arbitrary File Overwrite Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.