Main Vulnerability Database SB2019080831

SB2019080831 - Input validation error in Cisco SD-WAN

Published: August 8, 2019 Updated: August 20, 2019

Security Bulletin ID SB2019080831

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-1951)

The vulnerability allows a remote attacker to inject an arbitrary packet in the network.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted TCP packet with specific characteristics to the target device, bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network.

This vulnerability affects the following Cisco products if they are running Cisco SD-WAN Solution:

vBond Orchestrator Software
vEdge 100 Series Routers
vEdge 1000 Series Routers
vEdge 2000 Series Routers
vEdge 5000 Series Routers
vEdge Cloud Router Platform
vManage Network Management Software
vSmart Controller Software

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-sd-wan-bypass