CVE-2019-1865

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	HIGH
CVSS	8.8
EPSS	-
CWE	CWE-78
KEV
Published	6 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Unified Computing System (Standalone)	cisco-sa-20190821-imc-cmdinj-1865	structured affected CSAF product_status
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-20190821-imc-cmdinj-1865	structured affected CSAF product_status
Cisco Unified Computing System (Management Software)	cisco-sa-20190821-imc-cmdinj-1865	structured affected CSAF product_status