Severity
6.7 MEDIUM
EPSS
0.1%
top 65.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jun 20
Latest update May 24

Description

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | cisco/meeting_server | 2.2.0 | 2.2.14 | +1
CVEListV5 | cisco/cisco_meeting_server | unspecified | 2.2.14

🔴 Vulnerability Details (2)

GHSA
GHSA-m4v2-gwgf-j2gq: A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as th | 2022-05-24
CVEList
Cisco Meeting Server CLI Command Injection Vulnerability | 2019-06-20

📋 Vendor Advisories (1)

Cisco
Cisco Meeting Server CLI Command Injection Vulnerability | 2019-06-19

💬 Community (1)

Bugzilla
CVE-2019-13311 ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error | 2019-07-16
CVE-2019-1623 (MEDIUM CVSS 6.7) | A vulnerability in the CLI configur | cvebase.io