CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1896

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.2%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

Products affected by CVE-2019-1896

Cisco » Integrated Management Controller Supervisor » Version: Any

cpe:2.3:a:cisco:integrated_management_controller_supervisor:*
Cisco » Unified Computing System » Version: 4.0(1c)hs3

cpe:2.3:a:cisco:unified_computing_system:4.0(1c)hs3
Cisco » Encs 5100 » Version: N/A

cpe:2.3:h:cisco:encs_5100:-
Cisco » Encs 5400 » Version: N/A

cpe:2.3:h:cisco:encs_5400:-
Cisco » Ucs-E1120d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e1120d-m3:-
Cisco » Ucs-E140s-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e140s-m2:-
Cisco » Ucs-E160d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e160d-m2:-
Cisco » Ucs-E160s-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e160s-m3:-
Cisco » Ucs-E168d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e168d-m2:-
Cisco » Ucs-E180d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e180d-m3:-
Cisco » Ucs C125 M5 » Version: N/A

cpe:2.3:h:cisco:ucs_c125_m5:-
Cisco » Ucs C4200 » Version: N/A

cpe:2.3:h:cisco:ucs_c4200:-
Cisco » Ucs S3260 » Version: N/A

cpe:2.3:h:cisco:ucs_s3260:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1896

Products

Pricing

Contact Us