VDB

CVE-2019-1816

CVE-2019-1816 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

EPSS 0.12% · 30.4th percentile

Risk Scores

CVSS 3.0
5.300000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.12%
30.4th percentile

Affected Products

VendorProductVersions
ciscoweb_security_appliancewsa10.5.0-fcs-000, 10.5.2-072, 11.0.0-641
CiscoCisco Web Security Appliance (WSA)unspecified, unspecified, unspecified

Exploit Intelligence

Timeline

  • May 1, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

…and 3 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›