What is CVE-2019-12629?

CVE-2019-12629 is a high-severity vulnerability in Cisco Sd-wan Solution, classified under Command Injection. CVSS score: 7.2/10. Published 2020-01-26.

How severe is CVE-2019-12629?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Cisco Sd-wan Solution

CVE-2019-12629

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient i…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.025 (82.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Sd-wan Solution — versions unspecified
Cisco Sd-wan_firmware
Cisco Vedge-100
Cisco Vedge-1000
Cisco Vedge-100b
Cisco Vedge_100m
Cisco Vedge_100wm
Cisco Vedge-2000
Cisco Vedge-5000

Weakness classification (CWE)

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2019-12629?: CVE-2019-12629 is a high-severity vulnerability in Cisco Sd-wan Solution, classified under Command Injection. CVSS score: 7.2/10. Published 2020-01-26.
How severe is CVE-2019-12629?: High severity. CVSS v3 base score is 7.2 out of 10.