CVE-2019-1871 HIGH

CVE-2019-1871: Cisco Integrated Management Controller Buffer Overflow Vulnerability

Vendor Cisco
Product Cisco Unified Computing System (Management Software)
Weakness CWE-119
Published August 21, 2019
Last update November 20, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.

Key dates

02Disclosure timeline

August 21, 2019 CVE published
November 20, 2024 Record updated

Related vulnerabilities

04Related CVE