CVE-2019-1966

CWE-2646 documents | 5 sources
Severity: 7.8 HIGH
EPSS: 0.2% (top 53.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 30 | Latest update May 24

Description

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | cisco/cisco_unified_computing_system_(managed) | unspecified | 4.0(2a)
NVD | cisco/unified_computing_system | 3.2\(3b\)a, 4.0\(1a\)a +1
NVD | cisco/nx-os | 3.2 +1

🔴 Vulnerability Details (2)

GHSA
GHSA-wjmx-f4ff-3r2q: A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an a | 2022-05-24
CVEList
Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability | 2019-08-29

📋 Vendor Advisories (3)

Cisco
Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability | 2019-08-28
Red Hat
struts2: remote command execution due to flaw in the includeParams attribute of URL and Anchor tags | 2013-05-22
Red Hat
struts2: remote command execution due to flaw in the includeParams attribute of URL and Anchor tags | 2013-05-22