CVE-2019-1629 MEDIUM

CVE-2019-1629: Cisco Integrated Management Controller Arbitrary File Write Vulnerability

Vendor Cisco
Product Cisco Unified Computing System (Management Software)
Weakness CWE-306 · Missing auth
Published June 20, 2019
Last update November 19, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.

Key dates

02Disclosure timeline

June 20, 2019 CVE published
November 19, 2024 Record updated

Related vulnerabilities

04Related CVE