Lucene search

CiscoCVE-2019-16011

HistoryApr 29, 2020 - 9:15 p.m.

CVE-2019-16011

2020-04-2921:15:11

CWE-77

CWE-20

cisco

web.nvd.nist.gov

cve-2019-16011

cisco

ios xe

sd-wan

cli

vulnerability

authenticated

local attacker

arbitrary commands

root privileges

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Affected configurations

Nvd

Vulners

Node

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.11

ciscoios_xeRange16.12–17.2.1r

ciscoios_xeMatch16.9

ciscoios_xeMatch16.10

ciscoios_xeMatch17.3

AND

cisco1100_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1001-hxMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1006-xMatch-

ciscoasr_1009-xMatch-

ciscoasr_1013Match-

ciscocsr1000vMatch-

VendorProductVersionCPE
ciscoios_xe16.10.2cpe:2.3:a:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*
ciscoios_xe16.11cpe:2.3:a:cisco:ios_xe:16.11:*:*:*:*:*:*:*
ciscoios_xe*cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
ciscoios_xe16.9cpe:2.3:o:cisco:ios_xe:16.9:*:*:*:*:*:*:*
ciscoios_xe16.10cpe:2.3:o:cisco:ios_xe:16.10:*:*:*:*:*:*:*
ciscoios_xe17.3cpe:2.3:o:cisco:ios_xe:17.3:*:*:*:*:*:*:*
cisco1100_integrated_services_router-cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cisco4221_integrated_services_router-cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cisco4331_integrated_services_router-cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cisco4431_integrated_services_router-cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	16.10.2	cpe:2.3:a:cisco:ios_xe:16.10.2:::::::*
cisco	ios_xe	16.11	cpe:2.3:a:cisco:ios_xe:16.11:::::::*
cisco	ios_xe	*	cpe:2.3:o:cisco:ios_xe::::::::
cisco	ios_xe	16.9	cpe:2.3:o:cisco:ios_xe:16.9:::::::*
cisco	ios_xe	16.10	cpe:2.3:o:cisco:ios_xe:16.10:::::::*
cisco	ios_xe	17.3	cpe:2.3:o:cisco:ios_xe:17.3:::::::*
cisco	1100_integrated_services_router	-	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
cisco	4221_integrated_services_router	-	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
cisco	4331_integrated_services_router	-	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
cisco	4431_integrated_services_router	-	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "product": "Cisco IOS XE SD-WAN Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "17.2.1r",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-16011