Details of VAR-201901-0367

ID

VAR-201901-0367

CVE

CVE-2019-1647

TITLE

Cisco SD-WAN Solution Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001423

DESCRIPTION

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. Cisco SD-WAN Solution Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to an unauthorized-access vulnerability. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvm25940

Trust: 1.98

sources: NVD: CVE-2019-1647 // JVNDB: JVNDB-2019-001423 // BID: 106705 // VULHUB: VHN-148619

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	18.4.0	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.1	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	eq	version:	17.2.8	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sd-wan	scope:	ne	version:	18.4	Trust: 0.3

sources: BID: 106705 // JVNDB: JVNDB-2019-001423 // NVD: CVE-2019-1647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1647
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1647
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1647
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-871
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148619
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1647
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148619
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1647
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-148619 // JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871 // NVD: CVE-2019-1647 // NVD: CVE-2019-1647

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.9

sources: VULHUB: VHN-148619 // JVNDB: JVNDB-2019-001423 // NVD: CVE-2019-1647

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-871

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-871

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001423

PATCH

title:	cisco-sa-20190123-sdwan-unaccess	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess	Trust: 0.8
title:	Cisco SD-WAN Solution vContainer Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88957	Trust: 0.6

sources: JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1647	Trust: 2.8
db:	BID	id:	106705	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001423	Trust: 0.8
db:	NSFOCUS	id:	43898	Trust: 0.6
db:	CNNVD	id:	CNNVD-201901-871	Trust: 0.6
db:	VULHUB	id:	VHN-148619	Trust: 0.1

sources: VULHUB: VHN-148619 // BID: 106705 // JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871 // NVD: CVE-2019-1647

REFERENCES

url:	http://www.securityfocus.com/bid/106705	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-sdwan-unaccess	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1647	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1647	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43898	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-148619 // BID: 106705 // JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871 // NVD: CVE-2019-1647

CREDITS

This vulnerability was found during internal security testing.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201901-871

SOURCES

db:	VULHUB	id:	VHN-148619
db:	BID	id:	106705
db:	JVNDB	id:	JVNDB-2019-001423
db:	CNNVD	id:	CNNVD-201901-871
db:	NVD	id:	CVE-2019-1647

LAST UPDATE DATE

2024-08-14T14:32:48.569000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148619	date:	2019-10-09T00:00:00
db:	BID	id:	106705	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001423	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-871	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1647	date:	2019-10-09T23:47:36.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148619	date:	2019-01-24T00:00:00
db:	BID	id:	106705	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001423	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-871	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-1647	date:	2019-01-24T15:29:00.703