Lucene search

[email protected]CVE-2019-1950

HistoryFeb 19, 2020 - 8:15 p.m.

CVE-2019-1950

2020-02-1920:15:14

CWE-1188

CWE-255

[email protected]

web.nvd.nist.gov

cisco

ios xe

sd-wan

vulnerability

unauthorized access

nvd

cve-2019-1950

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

Affected configurations

NVD

Node

ciscoios_xeRange≤16.11

AND

cisco1100-4p_integrated_services_routerMatch-

cisco1100-8p_integrated_services_routerMatch-

cisco1101-4p_integrated_services_routerMatch-

cisco1109-2p_integrated_services_routerMatch-

cisco1109-4p_integrated_services_routerMatch-

cisco1111x-8p_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1000-xMatch-

ciscoasr_1001-hxMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1006-xMatch-

ciscoasr_1009-xMatch-

ciscoasr_1013Match-

ciscocsr1000vMatch-

ciscoir1101Match-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5672up-16gMatch-

cisconexus_5696qMatch-

ciscoucs-e1120d-m3Match-

ciscoucs-e140s-m2Match-

ciscoucs-e160d-m2Match-

ciscoucs-e160s-m3Match-

ciscoucs-e180d-m2Match-

ciscoucs-e180d-m3Match-

CPENameOperatorVersion
cisco:ios_xecisco ios xele16.11

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	le	16.11

CNA Affected

[
  {
    "product": "Cisco IOS XE SD-WAN Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "16.11 and earlier"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for CVE-2019-1950

prion1 cisco1 nvd1 cvelist1