CVE-2019-1883 is a vulnerability in Cisco Unified Computing System
Published on August 21, 2019
Cisco Integrated Management Controller CLI Command Injection Vulnerability
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2019-1883 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2019-1883
Want to know whenever a new CVE is published for Cisco Unified Computing System? stack.watch will email you.
Affected Versions
Cisco Unified Computing System E-Series Software (UCSE):- Version unspecified and below 3.0(4k) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.