← Back

CVE-2019-16010

nvd nist
Published: Mar 19, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD

Description

A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Affected (1)

Cisco
1 product
Sd Wan Firmware
Configuration A
1 vulnerable · 11 platform
Vulnerable SoftwareAffected Versions
Sd Wan Firmware
Before 19.2.2
Running on/withPlatform Versions
Cisco
1100 4g Integrated Services Router
All versions
Cisco
1100 4gltegb Integrated Services Router
All versions
Cisco
1100 4gltena Integrated Services Router
All versions
Cisco
1100 6g Integrated Services Router
All versions
Cisco
Vedge 100
All versions
Cisco
Vedge 1000
All versions
Cisco
Vedge 100b
All versions
Cisco
Vedge 100m
All versions
Cisco
Vedge 100wm
All versions
Cisco
Vedge 2000
All versions
Cisco
Vedge 5000
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.