CVE-2019-16012: Cisco SD-WAN Solution vManage SQL Injection Vulnerability
First published: Thu Mar 19 2020(Updated: )
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Sd-wan Firmware | <19.2.2 | |
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco Vedge 100 | ||
| Cisco Vedge 1000 | ||
| Cisco Vedge 100b | ||
| Cisco Vedge 100m | ||
| Cisco Vedge 100wm | ||
| Cisco Vedge 2000 | ||
| Cisco Vedge 5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16012?
CVE-2019-16012 is a vulnerability in the web UI of Cisco SD-WAN Solution vManage software that allows an authenticated remote attacker to conduct SQL injection attacks.
How does CVE-2019-16012 affect Cisco SD-WAN Solution vManage software?
CVE-2019-16012 affects Cisco SD-WAN Solution vManage software by allowing an authenticated remote attacker to conduct SQL injection attacks.
What is the severity of CVE-2019-16012?
CVE-2019-16012 has a severity rating of 8.1 (High).
How can an attacker exploit CVE-2019-16012?
An attacker can exploit CVE-2019-16012 by taking advantage of the web UI's improper validation of SQL values.
Is there a fix available for CVE-2019-16012?
Yes, Cisco has released a security advisory with instructions to mitigate the vulnerability. Please refer to the reference link for more information.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- agent/author
- agent/description
- agent/last-modified-date
- agent/severity
- agent/title
- agent/event
- agent/first-publish-date
- vendor/cisco
- canonical/cisco sd-wan firmware
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco vedge 100
- canonical/cisco vedge 1000
- canonical/cisco vedge 100b
- canonical/cisco vedge 100m
- canonical/cisco vedge 100wm
- canonical/cisco vedge 2000
- canonical/cisco vedge 5000