Unrated severityNVD Advisory· Published Jan 26, 2020· Updated Nov 15, 2024

Cisco SD-WAN Solution SQL Injection Vulnerability

CVE-2019-12619

Description

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated SQL injection in Cisco SD-WAN vManage web interface allows modification of database table entries, impacting data integrity.

Vulnerability

A vulnerability in the web interface of Cisco SD-WAN Solution vManage allows authenticated remote attackers to execute arbitrary SQL queries. The issue stems from insufficient validation of user-supplied input. Affected versions include Cisco SD-WAN vManage Release 17.2.0 and earlier [1].

Exploitation

An attacker with valid authentication credentials can exploit this vulnerability by sending crafted input containing SQL statements to the affected web interface. No other special network position or user interaction is required [1].

Impact

Successful exploitation allows the attacker to modify entries in some database tables, thereby compromising the integrity of data within the vManage system. The attacker does not gain read access to all data or full administrative control based on the available information [1].

Mitigation

Cisco has released software updates to address this vulnerability. Users should upgrade to a fixed version as advised in the Cisco Security Advisory. As of publication, no workarounds are available [1].

References

Cisco Security Advisory: Cisco SD-WAN Solution SQL Injection Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./SD-WAN Solution vManagellm-create
Cisco Systems, Inc./Cisco SD-WAN Solution softwarecpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-sqlinjmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000