CVE-2019-12629

CVE Database · CVE-2019-12629

CVE-2019-12629

· HIGHModified

CVSS v3.1

7.2

EPSS

2.45%

Published

Jan 26, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-78

Affected Products (8)

cisco · sd-wan_firmware (up to 18.3.0)vulnerable

cisco · vedge-100

cisco · vedge-1000

cisco · vedge-100b

cisco · vedge-2000

cisco · vedge-5000

cisco · vedge_100m