A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.
References
| Link | Resource |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
22 May 2023, 18:57
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Cisco 1100-8p Integrated Services Router
Cisco 4221 Integrated Services Router Cisco 1109-2p Integrated Services Router Cisco 4431 Integrated Services Router Cisco 4461 Integrated Services Router Cisco 1111x-8p Integrated Services Router Cisco 4331 Integrated Services Router Cisco 1109-4p Integrated Services Router Cisco 1101-4p Integrated Services Router Cisco 1100-4p Integrated Services Router |
|
| CPE | cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* |
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* |
Information
Published : 2020-02-19 20:15
Updated : 2023-05-22 18:57
NVD link : CVE-2019-1950
Mitre link : CVE-2019-1950
JSON object : View
Products Affected
cisco
- 1109-4p_integrated_services_router
- 1100-8p_integrated_services_router
- nexus_56128p
- nexus_5696q
- 4461_integrated_services_router
- nexus_5624q
- ios_xe
- 4331_integrated_services_router
- nexus_5648q
- ucs-e140s-m2
- csr1000v
- asr_1006-x
- asr_1006
- ucs-e1120d-m3
- ucs-e180d-m3
- 4221_integrated_services_router
- asr_1004
- 1111x-8p_integrated_services_router
- 1101-4p_integrated_services_router
- nexus_5672up
- nexus_5672up-16g
- 4431_integrated_services_router
- ucs-e160d-m2
- 1100-4p_integrated_services_router
- ucs-e160s-m3
- asr_1001-hx
- asr_1013
- asr_1002-x
- ucs-e180d-m2
- asr_1000-x
- 1109-2p_integrated_services_router
- asr_1002-hx
- ir1101
- asr_1009-x
CWE
CWE-1188
Insecure Default Initialization of Resource