CVE-2019-16011

CVE Database · CVE-2019-16011

CVE-2019-16011

· HIGHModified

CVSS v3.1

7.8

EPSS

0.38%

Published

Apr 29, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-20

Affected Products (21)

cisco · ios_xevulnerable

cisco · ios_xe (up to 17.2.1r)vulnerable

cisco · ios_xevulnerable

cisco · 1100_integrated_services_router

cisco · 4221_integrated_services_router

cisco · 4331_integrated_services_router

cisco · 4431_integrated_services_router