CVE-2019-1647

HIGH

Cisco SD-WAN < 18.4.0 - Authenticated Improper Access Control

Title source: llm

Description

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106705

Scores

CVSS v3 8.0
EPSS 0.0081
EPSS Percentile 52.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (2)
cisco/sd-wan < 18.4.0
cisco/vsmart_controller
Published Jan 24, 2019
Tracked Since Feb 18, 2026