CVE-2019-1950

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

CVSS v3 8.4 HIGH
CVSS v2.0 7.2 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:csr1000v:-:::::::*
	cpe:2.3:h:cisco:ir1101:-:::::::*
	cpe:2.3:h:cisco:nexus_56128p:-:::::::*
	cpe:2.3:h:cisco:nexus_5624q:-:::::::*
	cpe:2.3:h:cisco:nexus_5648q:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up-16g:-:::::::*
	cpe:2.3:h:cisco:nexus_5696q:-:::::::*
	cpe:2.3:h:cisco:ucs-e1120d-m3:-:::::::*
	cpe:2.3:h:cisco:ucs-e140s-m2:-:::::::*
	cpe:2.3:h:cisco:ucs-e160d-m2:-:::::::*
	cpe:2.3:h:cisco:ucs-e160s-m3:-:::::::*
	cpe:2.3:h:cisco:ucs-e180d-m2:-:::::::*
	cpe:2.3:h:cisco:ucs-e180d-m3:-:::::::*

History

No history.

Information

Published : 2020-02-19 20:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-1950

Mitre link : CVE-2019-1950

CVE.ORG link : CVE-2019-1950

JSON object : View

Products Affected

cisco

1100-8p_integrated_services_router
1101-4p_integrated_services_router
ios_xe
1109-2p_integrated_services_router
nexus_5696q
asr_1004
ucs-e180d-m2
ir1101
nexus_56128p
ucs-e160s-m3
nexus_5672up
nexus_5648q
asr_1002-x
asr_1000-x
4221_integrated_services_router
1109-4p_integrated_services_router
4331_integrated_services_router
ucs-e1120d-m3
asr_1001-hx
1100-4p_integrated_services_router
ucs-e140s-m2
4461_integrated_services_router
ucs-e180d-m3
asr_1013
4431_integrated_services_router
csr1000v
asr_1006-x
nexus_5672up-16g
nexus_5624q
asr_1006
1111x-8p_integrated_services_router
ucs-e160d-m2
asr_1002-hx
asr_1009-x

CWE

CWE-1188

Insecure Default Initialization of Resource

CWE-255

Credentials Management Errors

8.4 /10