vulnerability

Cisco UCS Device: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2019-1883)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Aug 21, 2019	Sep 25, 2019	Sep 25, 2019

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 21, 2019

Added

Sep 25, 2019

Modified

Sep 25, 2019

Description

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.

Solution

cisco-ucs-update-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today