CVE-2019-1861Improper Input Validation in Cisco Industrial Network Director

CWE-20Improper Input ValidationCWE-434Unrestricted File Upload4 documents4 sources
Severity
7.2HIGHNVD
EPSS
1.7%
top 17.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Industrial Network DirectorCisco Industrial Network Director
Timeline
PublishedJun 5
Latest updateMay 24

Description

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_industrial_network_directorunspecified1.6.0

🔴Vulnerability Details

2
GHSA
GHSA-2vgx-3f92-37q8: A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary2022-05-24
CVEList
Cisco Industrial Network Director Remote Code Execution Vulnerability2019-06-05

📋Vendor Advisories

1
Cisco
Cisco Industrial Network Director Remote Code Execution Vulnerability2019-06-05
CVE-2019-1861 — Improper Input Validation in Cisco | cvebase