Cisco SD-WAN Solution CVE-2019-1648 Local Privilege Escalation Vulnerability

Bugtraq ID:	106719
Class:	Design Error
CVE:	CVE-2019-1648
Remote:	No
Local:	Yes
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Cisco vSmart Controller Software 0 Cisco vManage Network Management Software 0 Cisco vEdge Cloud Router Platform 0 Cisco vEdge 5000 Series Routers 0 Cisco vEdge 2000 Series Routers 0 Cisco vEdge 1000 Series Routers 0 Cisco vEdge 100 Series Routers 0 Cisco vBond Orchestrator Software 0 Cisco SD-WAN 18.3.1 Cisco SD-WAN 18.3 Cisco SD-WAN 17.2.8
Not Vulnerable:	Cisco SD-WAN 18.4

Cisco SD-WAN Solution CVE-2019-1648 Local Privilege Escalation Vulnerability

Cisco SD-WAN Solution is prone to local privilege-escalation vulnerability.

Local attackers can exploit this issue to obtain root privileges.

This issue is being tracked by Cisco Bug ID CSCvi69985.

Versions prior to Cisco SD-WAN Solution 18.4.0 are vulnerable.

Cisco SD-WAN Solution CVE-2019-1648 Local Privilege Escalation Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Cisco SD-WAN Solution CVE-2019-1648 Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Cisco SD-WAN Solution CVE-2019-1648 Local Privilege Escalation Vulnerability

References:

• Cisco Homepage (Cisco)
  
• Cisco SD-WAN Solution Privilege Escalation Vulnerability (Cisco)