CVE-2019-1911 MEDIUM

CVE-2019-1911: Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability

Vendor Cisco
Product Cisco Unified Communications Domain Manager
Weakness CWE-216
Published July 6, 2019
Last update November 21, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges.

Key dates

02Disclosure timeline

July 6, 2019 CVE published
November 21, 2024 Record updated