CVE-2019-1950

Published: Feb 19, 2020Modified: Nov 21, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

Affected (1)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

1 vulnerable · 33 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Up to 16.11

Running on/with	Platform Versions
Cisco 1100 4p Integrated Services Router	All versions
Cisco 1100 8p Integrated Services Router	All versions
Cisco 1101 4p Integrated Services Router	All versions
Cisco 1109 2p Integrated Services Router	All versions
Cisco 1109 4p Integrated Services Router	All versions
Cisco 1111x 8p Integrated Services Router	All versions
Cisco 4221 Integrated Services Router	All versions
Cisco 4331 Integrated Services Router	All versions
Cisco 4431 Integrated Services Router	All versions
Cisco 4461 Integrated Services Router	All versions
Cisco Asr 1000 X	All versions
Cisco Asr 1001 Hx	All versions
Cisco Asr 1002 Hx	All versions
Cisco Asr 1002 X	All versions
Cisco Asr 1004	All versions
Cisco Asr 1006	All versions
Cisco Asr 1006 X	All versions
Cisco Asr 1009 X	All versions
Cisco Asr 1013	All versions
Cisco Csr1000v	All versions
Cisco Ir1101	All versions
Cisco Nexus 56128p	All versions
Cisco Nexus 5624q	All versions
Cisco Nexus 5648q	All versions
Cisco Nexus 5672up	All versions
Cisco Nexus 5672up 16g	All versions
Cisco Nexus 5696q	All versions
Cisco Ucs E1120d M3	All versions
Cisco Ucs E140s M2	All versions
Cisco Ucs E160d M2	All versions
Cisco Ucs E160s M3	All versions
Cisco Ucs E180d M2	All versions
Cisco Ucs E180d M3	All versions

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CWE-255

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.