CVE-2019-1725: OS Command Injection in Cisco UCS B-series Blade Server Software

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 78.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 18 | Latest update May 13

Description

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI commands. The vulnerability is due to lack of proper input validation of user input for local management CLI commands. An attacker could exploit this vu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_ucs_b-series_blade_server_software | unspecified | 4.0(2a)

🔴 Vulnerability Details (2)
GHSA
GHSA-6hq5-54cv-6j3x: A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, | 2022-05-13
CVEList
Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability | 2019-04-18

📋 Vendor Advisories (1)
Cisco
Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability | 2019-04-17