CVE-2019-1879
low-risk
Published 2019-06-20
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
Do I need to act?
0.06% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.4/10
Medium
LOCAL / HIGH complexity
Affected Products (2)
Integrated Management Controller
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/108850
24 / 100
low-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
7/34 · Low