FKIE_CVE-2019-1648

Vulnerability from fkie_nvd - Published: 2019-01-24 15:29 - Updated: 2024-11-21 04:37
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/106719Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escalVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106719Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escalVendor Advisory
Impacted products
Vendor Product Version
cisco vedge_100_firmware *
cisco vedge_100 -
cisco vedge_1000_firmware *
cisco vedge_1000 -
cisco vedge_2000_firmware *
cisco vedge_2000 -
cisco vedge_5000_firmware *
cisco vedge_5000 -
cisco sd-wan *
cisco vbond_orchestrator -
cisco vmanage_network_management -
cisco vsmart_controller -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8569BEE0-3BDA-4349-9FAC-6ACE0A4E3C28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A1525E-AB99-4217-8C31-1F040710B155",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50272035-AE86-4BD5-88FA-929157267BC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE381F7-295F-4F05-84B0-3F07E099AD59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "698D777B-1AB1-4A54-98EC-8948BF287DA9",
              "versionEndExcluding": "18.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vbond_orchestrator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA648664-0734-4D02-8944-CA4DF4D756D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vmanage_network_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF9528B-1D1E-4CF2-ABA8-D01CC6F4A8BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F16884C-A2EE-4867-8806-6418E000078C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la configuraci\u00f3n del grupo de usuarios de la soluci\u00f3n Cisco SD-WAN podr\u00eda permitir a un atacante local autenticado obtener privilegios elevados en un dispositivo afectado. La vulnerabilidad se debe a un error a la hora de validar correctamente ciertos par\u00e1metros incluidos en la configuraci\u00f3n \"group\". Un atacante podr\u00eda explotar esta vulnerabilidad escribiendo un archivo manipulado en el directorio donde la configuraci\u00f3n \"user group\" est\u00e1 ubicada en el sistema operativo subyacente. Un exploit exitoso podr\u00eda permitir que el atacante obtenga privilegios de nivel root y obtenga el control total del dispositivo."
    }
  ],
  "id": "CVE-2019-1648",
  "lastModified": "2024-11-21T04:37:00.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-24T15:29:00.767",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106719"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.