CVE-2018-0431

CWE-77Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.8%
top 25.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unified Computing System E-series Software (ucse)Cisco Unified Computing System
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/unified_computing_system2.0_base, 3.0\(3a\), 3.1\(3\)+2

🔴Vulnerability Details

2
GHSA
GHSA-qmgx-qvh8-5237: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote at2022-05-13
CVEList
Cisco Integrated Management Controller Command Injection Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Integrated Management Controller Command Injection Vulnerability2018-09-05
CVE-2018-0431 (HIGH CVSS 8.8) | A vulnerability in the web-based ma | cvebase.io