Vulnerability Description
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | 4.0\(1c\)hs3 |
| Cisco | Integrated Management Controller Supervisor | >= 1.5.0.0, < 1.5\(9g\) |
| Cisco | Encs 5100 | - |
| Cisco | Encs 5400 | - |
| Cisco | Ucs-E1120D-M3 | - |
| Cisco | Ucs-E140S-M2 | - |
| Cisco | Ucs-E160D-M2 | - |
| Cisco | Ucs-E160S-M3 | - |
| Cisco | Ucs-E168D-M2 | - |
| Cisco | Ucs-E180D-M3 | - |
| Cisco | Ucs C125 M5 | - |
| Cisco | Ucs C4200 | - |
| Cisco | Ucs S3260 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1634?
CVE-2019-1634 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that ...
How severe is CVE-2019-1634?
CVE-2019-1634 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1634?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System, Cisco Integrated Management Controller Supervisor, Cisco Encs 5100, Cisco Encs 5400, Cisco Ucs-E1120D-M3.