CVE-2019-16099
Description
CSRF vulnerability in Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows attackers to perform unauthorized actions via malicious JSON to a .swf file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Silver Peak EdgeConnect SD-WAN software prior to version 8.1.7.x contains a cross-site request forgery (CSRF) vulnerability that can be triggered when a crafted JSON payload is sent to a Flash (.swf) file [1]. The vulnerability exists because the affected endpoints do not verify the origin of requests.
Exploitation
An attacker can exploit this vulnerability by tricking an authenticated administrator into visiting a malicious webpage or clicking a crafted link that submits a JSON request to the vulnerable .swf endpoint. No additional authentication is required beyond the victim's existing session [1].
Impact
Successful exploitation allows the attacker to perform actions on the SD-WAN management interface with the privileges of the victim administrator. This could lead to unauthorized configuration changes, network disruption, or further compromise of the network infrastructure [1].
Mitigation
Silver Peak has addressed this vulnerability in EdgeConnect SD-WAN version 8.1.7.x and later. Users should upgrade to a fixed version as soon as possible. If upgrading is not feasible, consider restricting access to the management interface and disabling Flash if not required [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Silver Peak/EdgeConnect SD-WAN
- Range: <8.1.7
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.