ID

VAR-201911-0949


CVE

CVE-2019-16002


TITLE

Cisco SD-WAN Solution vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2019-012625

DESCRIPTION

A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. Cisco SD-WAN Solution contains a cross-site request forgery vulnerability. Information may be tampered with. Cisco SD-WAN Solution is a set of network expansion solutions from Cisco.

Trust: 1.71

sources: NVD: CVE-2019-16002 // JVNDB: JVNDB-2019-012625 // VULHUB: VHN-148105

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan, scope: lt, version: 19.2.0

Trust: 1.0

vendor: cisco, model: sd-wan, scope: -, version: -

Trust: 0.8

vendor: cisco, model: sd-wan, scope: eq, version: 18.4.0

Trust: 0.6

vendor: cisco, model: sd-wan, scope: eq, version: 19.1.0

Trust: 0.6

vendor: cisco, model: sd-wan, scope: eq, version: 18.4.1

Trust: 0.6

vendor: cisco, model: sd-wan, scope: eq, version: 18.3.0

Trust: 0.6

sources: JVNDB: JVNDB-2019-012625 // CNNVD: CNNVD-201911-1199 // NVD: CVE-2019-16002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16002
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16002
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16002
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148105
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16002
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148105
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-16002
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-16002
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148105 // JVNDB: JVNDB-2019-012625 // CNNVD: CNNVD-201911-1199 // NVD: CVE-2019-16002 // NVD: CVE-2019-16002

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-148105 // JVNDB: JVNDB-2019-012625 // NVD: CVE-2019-16002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1199

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201911-1199

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012625

PATCH

title: cisco-sa-20191120-vman-csrf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-vman-csrf

Trust: 0.8

title: Cisco SD-WAN Solution Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103142

Trust: 0.6

sources: JVNDB: JVNDB-2019-012625 // CNNVD: CNNVD-201911-1199

EXTERNAL IDS

db: NVD, id: CVE-2019-16002

Trust: 2.5

db: JVNDB, id: JVNDB-2019-012625

Trust: 0.8

db: CNNVD, id: CNNVD-201911-1199

Trust: 0.7

db: AUSCERT, id: ESB-2019.4401

Trust: 0.6

db: VULHUB, id: VHN-148105

Trust: 0.1

sources: VULHUB: VHN-148105 // JVNDB: JVNDB-2019-012625 // CNNVD: CNNVD-201911-1199 // NVD: CVE-2019-16002

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191120-vman-csrf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-16002

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16002

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4401/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-solution-cross-site-request-forgery-via-vmanage-30930

Trust: 0.6

sources: VULHUB: VHN-148105 // JVNDB: JVNDB-2019-012625 // CNNVD: CNNVD-201911-1199 // NVD: CVE-2019-16002

SOURCES

db: VULHUB, id: VHN-148105
db: JVNDB, id: JVNDB-2019-012625
db: CNNVD, id: CNNVD-201911-1199
db: NVD, id: CVE-2019-16002

LAST UPDATE DATE

2024-11-23T23:08:12.965000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148105, date: 2019-12-06T00:00:00
db: JVNDB, id: JVNDB-2019-012625, date: 2019-12-09T00:00:00
db: CNNVD, id: CNNVD-201911-1199, date: 2019-12-09T00:00:00
db: NVD, id: CVE-2019-16002, date: 2024-11-21T04:29:54.593

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148105, date: 2019-11-26T00:00:00
db: JVNDB, id: JVNDB-2019-012625, date: 2019-12-09T00:00:00
db: CNNVD, id: CNNVD-201911-1199, date: 2019-11-20T00:00:00
db: NVD, id: CVE-2019-16002, date: 2019-11-26T04:15:12.700