First published: Wed Nov 20 2019
A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco SD-WAN Firmware | <19.2.0 | |
CVE-2019-16002 is a vulnerability in the vManage web-based UI of the Cisco SD-WAN Solution that allows an unauthenticated attacker to conduct a CSRF attack.
CVE-2019-16002 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
CVE-2019-16002 has a severity rating of 6.5 (medium).
Cisco SD-WAN Firmware versions up to 19.2.0 are affected by CVE-2019-16002.
To protect your system from CVE-2019-16002, it is recommended to apply the necessary updates and patches provided by Cisco.