Vulnerabilities > CVE-2019-1626 - Incorrect Authorization vulnerability in Cisco Sd-Wan Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

CWE-863

NVD

Published: 2019-06-20

Updated: 2020-10-06

Summary

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco SD WAN Firmware - Cisco SD WAN Firmware 16.12.1B Cisco SD WAN Firmware 16.12.1D Cisco SD WAN Firmware 16.12.1E Cisco SD WAN Firmware 16.12.2R Cisco SD WAN Firmware 17.2.0 Cisco SD WAN Firmware 17.2.4 Cisco SD WAN Firmware 17.2.5 Cisco SD WAN Firmware 17.2.6 Cisco SD WAN Firmware 17.2.7 Cisco SD WAN Firmware 17.2.8 Cisco SD WAN Firmware 17.2.9 Cisco SD WAN Firmware 17.2.10 Cisco SD WAN Firmware 18.2.0 Cisco SD WAN Firmware 18.3.0 Cisco SD WAN Firmware 18.3.1 Cisco SD WAN Firmware 18.3.3 Cisco SD WAN Firmware 18.3.3.1 Cisco SD WAN Firmware 18.3.4 Cisco SD WAN Firmware 18.3.5 Cisco SD WAN Firmware 18.3.6	21
Hardware	Cisco Cisco Vedge 100 - Cisco Vedge 1000 - Cisco Vedge 100B - Cisco Vedge 2000 - Cisco Vedge 5000 - Cisco Vedge 100M - Cisco Vedge 100Wm -	7

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References