Cisco IOS XE SD-WAN Software Command Injection Vulnerability
CVE-2019-16011

7.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco iOS Xe Sd-wan Software
Vendor: CVE Published:; 29 April 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Affected Version(s)

Cisco IOS XE SD-WAN Software < 17.2.1r

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Apr 29, 2020
Vulnerability Reserved
Sep 6, 2019