CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1871

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.3%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

Products affected by CVE-2019-1871

Cisco » Integrated Management Controller Supervisor » Version: Any

cpe:2.3:a:cisco:integrated_management_controller_supervisor:*
Cisco » Unified Computing System » Version: 4.0(1c)hs3

cpe:2.3:a:cisco:unified_computing_system:4.0(1c)hs3
Cisco » Encs 5100 » Version: N/A

cpe:2.3:h:cisco:encs_5100:-
Cisco » Encs 5400 » Version: N/A

cpe:2.3:h:cisco:encs_5400:-
Cisco » Ucs-E1120d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e1120d-m3:-
Cisco » Ucs-E140s-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e140s-m2:-
Cisco » Ucs-E160d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e160d-m2:-
Cisco » Ucs-E160s-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e160s-m3:-
Cisco » Ucs-E168d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e168d-m2:-
Cisco » Ucs-E180d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e180d-m3:-
Cisco » Ucs C125 M5 » Version: N/A

cpe:2.3:h:cisco:ucs_c125_m5:-
Cisco » Ucs C4200 » Version: N/A

cpe:2.3:h:cisco:ucs_c4200:-
Cisco » Ucs S3260 » Version: N/A

cpe:2.3:h:cisco:ucs_s3260:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1871

Products

Pricing

Contact Us