CVE-2019-1626

CVE Database · CVE-2019-1626

CVE-2019-1626

· HIGHModified

CVSS v3.1

8.8

EPSS

1.89%

Published

Jun 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-264CWE-863

Affected Products (8)

cisco · sd-wan_firmwarevulnerable

cisco · vedge-100

cisco · vedge-1000

cisco · vedge-100b

cisco · vedge-2000

cisco · vedge-5000

cisco · vedge_100m