Vulnerability Description
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | 4.0\(1c\)hs3 |
| Cisco | Integrated Management Controller Supervisor | >= 3.0.0.0, < 3.0\(4k\) |
| Cisco | Encs 5100 | - |
| Cisco | Encs 5400 | - |
| Cisco | Ucs-E1120D-M3 | - |
| Cisco | Ucs-E140S-M2 | - |
| Cisco | Ucs-E160D-M2 | - |
| Cisco | Ucs-E160S-M3 | - |
| Cisco | Ucs-E168D-M2 | - |
| Cisco | Ucs-E180D-M3 | - |
| Cisco | Ucs C125 M5 | - |
| Cisco | Ucs C4200 | - |
| Cisco | Ucs S3260 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1883?
CVE-2019-1883 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that ...
How severe is CVE-2019-1883?
CVE-2019-1883 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1883?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System, Cisco Integrated Management Controller Supervisor, Cisco Encs 5100, Cisco Encs 5400, Cisco Ucs-E1120D-M3.