CVE-2019-1624

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution (affected versions not specified)

Description The issue is related to insufficient input validation in the vManage web-based UI, allowing an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. An attacker could exploit this by authenticating to the device and submitting crafted input to the vManage Web UI, potentially executing commands with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.