CVE-2019-1951

08.08.2019, 08:15

A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
cisco	CNA	5.8 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 46%

Affected Products (NVD)

Vendor	Product	Version
cisco	sd-wan_firmware	𝑥 ≤ 19.1.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
cisco	sd-wan_solution	𝑥 < 19.1.0	CNA

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-sd-wan-bypass