CVE-2019-1623 MEDIUM

CVE-2019-1623: Cisco Meeting Server CLI Command Injection Vulnerability

Vendor Cisco
Product Cisco Meeting Server
Weakness CWE-77
Published June 20, 2019
Last update November 20, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.

Key dates

02Disclosure timeline

June 20, 2019 CVE published
November 20, 2024 Record updated