CVE-2019-1626 HIGH

CVE-2019-1626: Cisco SD-WAN Solution Privilege Escalation Vulnerability

Vendor Cisco

Product Cisco SD-WAN Solution

Weakness CWE-264

Published June 20, 2019

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make.

Key dates

02Disclosure timeline

June 20, 2019 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1626

Related vulnerabilities

CVE-2019-1626: Cisco SD-WAN Solution Privilege Escalation Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE