CVE-2019-1648: Cisco SD-WAN Solution Privilege Escalation Vulnerability
First published: Thu Jan 24 2019(Updated: )
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Vedge 100 Firmware | ||
| Cisco Vedge 100 | ||
| Cisco Vedge 1000 Firmware | ||
| Cisco Vedge 1000 | ||
| Cisco Vedge 2000 Firmware | ||
| Cisco Vedge 2000 | ||
| Cisco Vedge 5000 Firmware | ||
| Cisco Vedge 5000 | ||
| Cisco SD-WAN | <18.4.0 | |
| Cisco Vbond Orchestrator | ||
| Cisco Vmanage Network Management | ||
| Cisco Vsmart Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-1648.
What is the severity of CVE-2019-1648?
The severity of CVE-2019-1648 is high.
What is the affected software of CVE-2019-1648?
The affected software includes Cisco Vedge 100 Firmware, Cisco Vedge 1000 Firmware, Cisco Vedge 2000 Firmware, Cisco Vedge 5000 Firmware, Cisco SD-WAN, Cisco Vbond Orchestrator, Cisco Vmanage Network Management, and Cisco Vsmart Controller.
What does CVE-2019-1648 vulnerability allow an attacker to do?
CVE-2019-1648 allows an authenticated, local attacker to gain elevated privileges on an affected device.
How can I fix the CVE-2019-1648 vulnerability?
To fix the CVE-2019-1648 vulnerability, Cisco has released software updates. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco vedge 100 firmware
- canonical/cisco vedge 100
- canonical/cisco vedge 1000 firmware
- canonical/cisco vedge 1000
- canonical/cisco vedge 2000 firmware
- canonical/cisco vedge 2000
- canonical/cisco vedge 5000 firmware
- canonical/cisco vedge 5000
- canonical/cisco sd-wan
- canonical/cisco vbond orchestrator
- canonical/cisco vmanage network management
- canonical/cisco vsmart controller