CVE-2019-12629 - OpenCVE

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Vedge-5000 Vedge-1000 Sd-wan Firmware Vedge-2000 Vedge 100wm Vedge 100m Vedge-100b Vedge-100

Configuration 1 [-]

AND

cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:vedge-100:-:::::::*
	cpe:2.3:h:cisco:vedge-1000:-:::::::*
	cpe:2.3:h:cisco:vedge-100b:-:::::::*
	cpe:2.3:h:cisco:vedge-2000:-:::::::*
	cpe:2.3:h:cisco:vedge-5000:-:::::::*
	cpe:2.3:h:cisco:vedge_100m:-:::::::*
	cpe:2.3:h:cisco:vedge_100wm:-:::::::*

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2020-01-22T00:00:00

Updated: 2020-01-26T04:25:13

Reserved: 2019-06-04T00:00:00

Link: CVE-2019-12629

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-26T05:15:11.083

Modified: 2020-10-08T14:39:47.400

Link: CVE-2019-12629

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco SD-WAN Solution ", "vendor": "Cisco", "versions": [{"lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-26T04:25:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200122 Cisco SD-WAN vManage Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject"}], "source": {"advisory": "cisco-sa-20200122-sdwan-cmd-inject", "defect": [["CSCvi70009"]], "discovery": "INTERNAL"}, "title": "Cisco SD-WAN vManage Command Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2019-12629", "STATE": "PUBLIC", "TITLE": "Cisco SD-WAN vManage Command Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco SD-WAN Solution ", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "4.7", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77"}]}]}, "references": {"reference_data": [{"name": "20200122 Cisco SD-WAN vManage Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject"}]}, "source": {"advisory": "cisco-sa-20200122-sdwan-cmd-inject", "defect": [["CSCvi70009"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-12629", "datePublished": "2020-01-22T00:00:00", "dateReserved": "2019-06-04T00:00:00", "dateUpdated": "2020-01-26T04:25:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "484C01EF-C2DE-43DB-8C3F-C2C013A182FE", "versionEndExcluding": "18.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D71E4AF-6E91-4493-A591-4D056D0E59C1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F718A859-BCDB-4DD0-819D-60ABE710F0A9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge-100b:-:*:*:*:*:*:*:*", "matchCriteriaId": "07E7851F-3E72-4677-B907-CF777EBED2FF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "52EEF288-492C-4CE6-A082-631005C5E711", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0C5E2C9-7D4B-405C-93DD-33DF265131E2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", "matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", "matchCriteriaId": "061A302C-8D35-4E80-93DA-916DA7E90C06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system."}, {"lang": "es", "value": "Una vulnerabilidad en la WebUI del Cisco SD-WAN Solution, podr\u00eda permitir a un atacante remoto autenticado inyectar y ejecutar comandos arbitrarios con privilegios de usuario vmanage en un sistema afectado. La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente de los par\u00e1metros de datos para determinados campos en la soluci\u00f3n afectada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la configuraci\u00f3n de un nombre de usuario malicioso en la p\u00e1gina de inicio de sesi\u00f3n de la soluci\u00f3n afectada. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante inyectar y ejecutar comandos arbitrarios con privilegios de usuario vmanage en un sistema afectado."}], "id": "CVE-2019-12629", "lastModified": "2020-10-08T14:39:47.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-26T05:15:11.083", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}