PT-2020-2125 · Cisco · Cisco SD-WAN Solution vManage

Published: 2020-03-19 · Updated: 2023-05-23 · CVE-2019-16012

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Solution vManage software (affected versions not specified)
Description: The vManage web interface of Cisco SD-WAN lacks protection against attacks on SQL query structure (SQL injection), which could allow a remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit it by authenticating to the application and sending malicious SQL queries, potentially modifying or returning values from the underlying database and operating system.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2020-02014
CVE-2019-16012

Affected Products

Cisco SD-WAN Solution vManage