CVE-2019-1629

CWE-306Missing Authentication6 documents6 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 45.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unified Computing System (management Software)Cisco Unified Computing System
Timeline
PublishedJun 20
Latest updateMay 24

Description

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-2xqf-m93c-8p52: A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to2022-05-24
CVEList
Cisco Integrated Management Controller Arbitrary File Write Vulnerability2019-06-20

💥Exploits & PoCs

1
Exploit-DB
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free2019-01-25

📋Vendor Advisories

1
Cisco
Cisco Integrated Management Controller Arbitrary File Write Vulnerability2019-06-19

💬Community

1
Bugzilla
CVE-2019-13454 ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c2019-07-10
CVE-2019-1629 (MEDIUM CVSS 5.3) | A vulnerability in the configuratio | cvebase.io