Cisco SD-WAN CVE-2019-1651 Buffer Overflow Vulnerability

Bugtraq ID:	106703
Class:	Boundary Condition Error
CVE:	CVE-2019-1651
Remote:	Yes
Local:	No
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Cisco vSmart Controller 0 Cisco SD-WAN 18.3.1 Cisco SD-WAN 18.3 Cisco SD-WAN 17.2.8 Cisco SD-WAN 0
Not Vulnerable:	Cisco SD-WAN 18.4

Cisco SD-WAN CVE-2019-1651 Buffer Overflow Vulnerability

Cisco SD-WAN is prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will result in a denial-of-service condition.

This issue being tracked by Cisco Bug ID CSCvm25955.

Cisco SD-WAN CVE-2019-1651 Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: mail:[email protected].

Cisco SD-WAN CVE-2019-1651 Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Cisco SD-WAN CVE-2019-1651 Buffer Overflow Vulnerability

References:

• Cisco Homepage (Cisco)
  
• Cisco SD-WAN Solution Buffer Overflow Vulnerability (Cisco)