CVE-2019-1879 MEDIUM

CVE-2019-1879: Cisco Integrated Management Controller CLI Command Injection Vulnerability

Vendor Cisco

Product Cisco Unified Computing System (Management Software)

Weakness CWE-78

Published June 20, 2019

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.

Key dates

02Disclosure timeline

June 20, 2019 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1879 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2019-1879

CWE CWE-78

CVSS 6.4 / MEDIUM

Affected versions