CVE-2019-16010
Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Una vulnerabilidad en la Interfaz de Usuario web del software Cisco SD-WAN vManage, podría permitir a un atacante remoto autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web del software vManage. La vulnerabilidad es debido a una comprobación de entrada insuficiente suministrada por el usuario por la interfaz de administración basada en web. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic sobre un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz o acceder a información confidencial basada en navegador.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2019-09-06 CVE Reserved
- 2020-03-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4g Integrated Services Router Search vendor "Cisco" for product "1100-4g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltegb Integrated Services Router Search vendor "Cisco" for product "1100-4gltegb Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltena Integrated Services Router Search vendor "Cisco" for product "1100-4gltena Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-6g Integrated Services Router Search vendor "Cisco" for product "1100-6g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100 Search vendor "Cisco" for product "Vedge 100" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 1000 Search vendor "Cisco" for product "Vedge 1000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100b Search vendor "Cisco" for product "Vedge 100b" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100m Search vendor "Cisco" for product "Vedge 100m" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100wm Search vendor "Cisco" for product "Vedge 100wm" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 2000 Search vendor "Cisco" for product "Vedge 2000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | < 19.2.2 Search vendor "Cisco" for product "Sd-wan Firmware" and version " < 19.2.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 5000 Search vendor "Cisco" for product "Vedge 5000" | - | - |
Safe
|