CVE-2019-1646
HIGHCisco SD-WAN Solution - Authenticated Privilege Escalation via Local CLI Command Injection
Title source: llmDescription
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106723
Scores
CVSS v3
7.8
EPSS
0.0045
EPSS Percentile
35.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-264
CWE-77
Status
published
Products (8)
cisco/sd-wan
< 18.4.0
cisco/vbond_orchestrator
cisco/vedge_1000_firmware
cisco/vedge_100_firmware
cisco/vedge_2000_firmware
cisco/vedge_5000_firmware
cisco/vmanage_network_management
cisco/vsmart_controller
Published
Jan 24, 2019
Tracked Since
Feb 18, 2026