CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1883

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.1%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 7.2

References

Products affected by CVE-2019-1883

Cisco » Integrated Management Controller Supervisor » Version: Any

cpe:2.3:a:cisco:integrated_management_controller_supervisor:*
Cisco » Unified Computing System » Version: 4.0(1c)hs3

cpe:2.3:a:cisco:unified_computing_system:4.0(1c)hs3
Cisco » Encs 5100 » Version: N/A

cpe:2.3:h:cisco:encs_5100:-
Cisco » Encs 5400 » Version: N/A

cpe:2.3:h:cisco:encs_5400:-
Cisco » Ucs-E1120d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e1120d-m3:-
Cisco » Ucs-E140s-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e140s-m2:-
Cisco » Ucs-E160d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e160d-m2:-
Cisco » Ucs-E160s-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e160s-m3:-
Cisco » Ucs-E168d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e168d-m2:-
Cisco » Ucs-E180d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e180d-m3:-
Cisco » Ucs C125 M5 » Version: N/A

cpe:2.3:h:cisco:ucs_c125_m5:-
Cisco » Ucs C4200 » Version: N/A

cpe:2.3:h:cisco:ucs_c4200:-
Cisco » Ucs S3260 » Version: N/A

cpe:2.3:h:cisco:ucs_s3260:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1883

Products

Pricing

Contact Us