A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local malicious user to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the malicious user to make configuration changes to the system as the root user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco sd-wan_firmware |
||
cisco sd-wan_firmware 18.4.0 |
Your quick guide to what else has been happening in computer security lately
Roundup Here's a quick Monday summary of recent infosec news, beyond what we've already reported. Admins running Cisco gear will need to dedicate some time to updating their software an firmware following the release of 26 security patches from Switchzilla. Of the fixes, three are for critical flaws: CVE-2019-1663 is a remote code execution flaw in the RV110W, RV130W and RV215W routers. CVE-2019-1848 is an authentication bypass flaw in DNA Center, and CVE-2019-1625 covers a privilege escalation ...