CVE-2019-1883

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	HIGH
CVSS	7.8
EPSS	0.14% EPSS low
CWE	CWE-78
KEV
Published	6 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-20190821-cimc-cli-inject	structured affected CSAF product_status
Cisco Unified Computing System (Management Software)	cisco-sa-20190821-cimc-cli-inject	structured affected CSAF product_status
Cisco 5000 Series Enterprise Network Compute System	cisco-sa-20190821-cimc-cli-inject	structured affected CSAF product_status