CVE-2019-16011

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Published: Apr 29, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-16011
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	16.10.2	16.10.2.x
cisco / ios_xe	16.11	16.11.x
cisco / ios_xe	16.12	17.2.1r
cisco / ios_xe	16.9	16.9.x
cisco / ios_xe	16.10	16.10.x
cisco / ios_xe	17.3	17.3.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn

Vulnerability Database

290,206

CVE-2019-16011