Lucene search

CiscoCVE-2019-12619

HistoryJan 26, 2020 - 5:15 a.m.

CVE-2019-12619

2020-01-2605:15:10

CWE-89

cisco

web.nvd.nist.gov

cve-2019-12619

cisco

sd-wan

vmanage

vulnerability

remote attacker

sql injection

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

Affected configurations

Nvd

Node

ciscosd-wan_firmwareRange≤17.2.0

AND

ciscovedge-100Match-

ciscovedge-1000Match-

ciscovedge-100bMatch-

ciscovedge-2000Match-

ciscovedge-5000Match-

ciscovedge_100mMatch-

ciscovedge_100wmMatch-

VendorProductVersionCPE
ciscosd-wan_firmware*cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
ciscovedge-100-cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*
ciscovedge-1000-cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*
ciscovedge-100b-cpe:2.3:h:cisco:vedge-100b:-:*:*:*:*:*:*:*
ciscovedge-2000-cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*
ciscovedge-5000-cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*
ciscovedge_100m-cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*
ciscovedge_100wm-cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sd-wan_firmware	*	cpe:2.3:o:cisco:sd-wan_firmware::::::::
cisco	vedge-100	-	cpe:2.3:h:cisco:vedge-100:-:::::::*
cisco	vedge-1000	-	cpe:2.3:h:cisco:vedge-1000:-:::::::*
cisco	vedge-100b	-	cpe:2.3:h:cisco:vedge-100b:-:::::::*
cisco	vedge-2000	-	cpe:2.3:h:cisco:vedge-2000:-:::::::*
cisco	vedge-5000	-	cpe:2.3:h:cisco:vedge-5000:-:::::::*
cisco	vedge_100m	-	cpe:2.3:h:cisco:vedge_100m:-:::::::*
cisco	vedge_100wm	-	cpe:2.3:h:cisco:vedge_100wm:-:::::::*

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-sqlinj

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

Related for CVE-2019-12619