ID

VAR-201901-0367


CVE

CVE-2019-1647


TITLE

Cisco SD-WAN Solution Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001423

DESCRIPTION

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. Cisco SD-WAN Solution Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to an unauthorized-access vulnerability. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvm25940

Trust: 1.98

sources: NVD: CVE-2019-1647 // JVNDB: JVNDB-2019-001423 // BID: 106705 // VULHUB: VHN-148619

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:ltversion:18.4.0

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope: - version: -

Trust: 0.8

vendor:ciscomodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:sd-wanscope:eqversion:18.3.1

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:18.3

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:17.2.8

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:neversion:18.4

Trust: 0.3

sources: BID: 106705 // JVNDB: JVNDB-2019-001423 // NVD: CVE-2019-1647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1647
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1647
value: HIGH

Trust: 1.0

NVD: CVE-2019-1647
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-871
value: HIGH

Trust: 0.6

VULHUB: VHN-148619
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1647
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148619
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1647
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148619 // JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871 // NVD: CVE-2019-1647 // NVD: CVE-2019-1647

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-148619 // JVNDB: JVNDB-2019-001423 // NVD: CVE-2019-1647

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-871

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-871

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001423

PATCH

title:cisco-sa-20190123-sdwan-unaccessurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess

Trust: 0.8

title:Cisco SD-WAN Solution vContainer Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88957

Trust: 0.6

sources: JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871

EXTERNAL IDS

db:NVDid:CVE-2019-1647

Trust: 2.8

db:BIDid:106705

Trust: 2.0

db:JVNDBid:JVNDB-2019-001423

Trust: 0.8

db:NSFOCUSid:43898

Trust: 0.6

db:CNNVDid:CNNVD-201901-871

Trust: 0.6

db:VULHUBid:VHN-148619

Trust: 0.1

sources: VULHUB: VHN-148619 // BID: 106705 // JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871 // NVD: CVE-2019-1647

REFERENCES

url:http://www.securityfocus.com/bid/106705

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-sdwan-unaccess

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1647

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1647

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43898

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-148619 // BID: 106705 // JVNDB: JVNDB-2019-001423 // CNNVD: CNNVD-201901-871 // NVD: CVE-2019-1647

CREDITS

This vulnerability was found during internal security testing.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201901-871

SOURCES

db:VULHUBid:VHN-148619
db:BIDid:106705
db:JVNDBid:JVNDB-2019-001423
db:CNNVDid:CNNVD-201901-871
db:NVDid:CVE-2019-1647

LAST UPDATE DATE

2024-08-14T14:32:48.569000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-148619date:2019-10-09T00:00:00
db:BIDid:106705date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001423date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-871date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1647date:2019-10-09T23:47:36.190

SOURCES RELEASE DATE

db:VULHUBid:VHN-148619date:2019-01-24T00:00:00
db:BIDid:106705date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001423date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-871date:2019-01-24T00:00:00
db:NVDid:CVE-2019-1647date:2019-01-24T15:29:00.703