Cisco SD-WAN Solution Privilege Escalation Vulnerability
Description
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated remote attacker can escalate privileges in Cisco SD-WAN vManage via crafted HTTP requests due to improper authorization.
Vulnerability
The vulnerability resides in the web-based UI (Web UI) of Cisco SD-WAN vManage. It is due to a failure to properly authorize certain user actions in device configuration. An authenticated attacker can exploit this by sending crafted HTTP requests. Affected versions include all releases prior to the fixed versions provided in Cisco advisory [1].
Exploitation
An attacker must have valid credentials to log in to the vManage Web UI. The attacker then sends specially crafted HTTP requests to vManage. No additional privileges or user interaction beyond authentication are required.
Impact
Successful exploitation allows the attacker to gain elevated privileges on the vManage device. This enables unauthorized changes to the device configuration, potentially compromising the entire SD-WAN solution.
Mitigation
Cisco has released free software updates to address this vulnerability. Customers should upgrade to the fixed versions as specified in Cisco Security Advisory cisco-sa-20190619-sdwan-privilescal [1]. No workarounds are mentioned. The vulnerability is not listed on CISA KEV (as of now).
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco SD-WAN Solution (v5), Range: unspecified
Patches
No patches discovered yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privilescal (mitre, vendor-advisory, x_refsource_CISCO)
- www.securityfocus.com/bid/108838 (mitre, vdb-entry, x_refsource_BID)