A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.
Fixes

Solution

Cisco fixed this vulnerability in Cisco IOS XE SD-WAN Software Release 16.12.1.


Workaround

To check for the presence of default credentials, customers can use the show running-configuration | include username admin command within the Cisco IOS XE SD-WAN Software command line. To remove the default credentials, customers can use the config-transaction and no username admin commands.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-15T17:39:14.041Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1950

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-19T20:15:14.410

Modified: 2024-11-21T04:37:45.133

Link: CVE-2019-1950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.