CVE-2019-1625

HIGH

Cisco SD-WAN Firmware - Authenticated Privilege Escalation to Root via CLI

Title source: llm
STIX 2.1

Description

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108844

Scores

CVSS v3 7.8
EPSS 0.0042
EPSS Percentile 34.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-264
Status published
Products (2)
cisco/sd-wan_firmware 18.4.0
cisco/sd-wan_firmware < 18.3.6
Published Jun 20, 2019
Tracked Since Feb 18, 2026