CVE-2019-1950 — HIGH (8.4) — White Hats Nepal

Q: How severe is CVE-2019-1950?

CVE-2019-1950 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1950?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco 1100-4P Integrated Services Router, Cisco 1100-8P Integrated Services Router, Cisco 1101-4P Integrated Services Router, Cisco 1109-2P Integrated Services Router.

Vulnerability Description

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios Xe	<= 16.11
Cisco	1100-4P Integrated Services Router	-
Cisco	1100-8P Integrated Services Router	-
Cisco	1101-4P Integrated Services Router	-
Cisco	1109-2P Integrated Services Router	-
Cisco	1109-4P Integrated Services Router	-
Cisco	1111X-8P Integrated Services Router	-
Cisco	4221 Integrated Services Router	-
Cisco	4331 Integrated Services Router	-
Cisco	4431 Integrated Services Router	-
Cisco	4461 Integrated Services Router	-
Cisco	Asr 1000-X	-
Cisco	Asr 1001-Hx	-
Cisco	Asr 1002-Hx	-
Cisco	Asr 1002-X	-
Cisco	Asr 1004	-
Cisco	Asr 1006	-
Cisco	Asr 1006-X	-
Cisco	Asr 1009-X	-
Cisco	Asr 1013	-

Related Weaknesses (CWE)

CWE-1188 CWE-255

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory

FAQ

What is CVE-2019-1950?

CVE-2019-1950 is a vulnerability with a CVSS score of 8.4 (HIGH). A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default c...

How severe is CVE-2019-1950?

CVE-2019-1950 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1950?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco 1100-4P Integrated Services Router, Cisco 1100-8P Integrated Services Router, Cisco 1101-4P Integrated Services Router, Cisco 1109-2P Integrated Services Router.