CVE-2019-1883
published 2019-08-21CVE-2019-1883: A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_unified_computing_system_e-series_software | >= unspecified < 3.0(4k) | 3.0(4k) |
| cisco | integrated_management_controller | — | — |
| cisco | integrated_management_controller_supervisor | >= 3.0.0.0 < 3.0\(4k\) | 3.0\(4k\) |
| cisco | integrated_management_controller_supervisor | >= 4.0.0.0 < 4.0\(4b\) | 4.0\(4b\) |
| cisco | integrated_management_controller_supervisor | >= 4.0.0.0 < 4.0\(2f\) | 4.0\(2f\) |
| cisco | unified_computing_system | — | — |