CRITICAL✓ PATCH🇬🇧 English

CVE-2019-1651

CVSS 9.9v3.0pub. 2019-01-24upd. 2024-11-21

A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Cisco Vsmart Controller

    APP
    Cisco
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEDoSMemoryContainer
CWE
Referencje

Powiązane podatności

CVE-2018-0349CRITICAL9.8ten sam produkt

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitr...

CVE-2021-1528HIGH7.8ten sam produkt

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain eleva...

CVE-2021-1514HIGH7.8ten sam produkt

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arb...

CVE-2021-1513HIGH7.5ten sam produkt

A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacke...

CVE-2020-3351HIGH8.6ten sam produkt

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a d...