A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 20 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-20T17:11:30.718Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1883

cve-icon Vulnrichment

Updated: 2024-08-04T18:35:50.734Z

cve-icon NVD

Status : Modified

Published: 2019-08-21T19:15:14.637

Modified: 2024-11-21T04:37:36.547

Link: CVE-2019-1883

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.