BID:106723

Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities

CVE-2019-1646 |

Info

Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities

Bugtraq ID:	106723
Class:	Input Validation Error
CVE:	CVE-2019-1646
Remote:	No
Local:	Yes
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	Cisco
Vulnerable:	Cisco vSmart Controller 0 Cisco vManage Network Management 0 Cisco vEdge Cloud Router 0 Cisco vEdge 5000 0 Cisco vEdge 2000 0 Cisco vEdge 1000 0 Cisco vEdge 100 0 Cisco vBond Orchestrator 0 Cisco SD-WAN 18.3.1 Cisco SD-WAN 18.3 Cisco SD-WAN 17.2.8 Cisco SD-WAN 0

Not Vulnerable:	Cisco SD-WAN 18.4

Discussion

Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities

Cisco SD-WAN is prone to multiple privilege-escalation vulnerabilities.

Local attackers may exploit these issues to gain elevated privileges and obtain sensitive information of the system.

Exploit / POC

Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Cisco SD-WAN CVE-2019-1646 Multiple Privilege Escalation Vulnerabilities

References:

Cisco Homepage (Cisco)
Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution (Cisco)