CVE-2019-1629

Published: Jun 20, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.

Affected (2)

Products: Cisco: Integrated Management Controller, Unified Computing System

2 products

Integrated Management Controller

Unified Computing System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Integrated Management Controller	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Computing System	Version 4.0(1c)hs3

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

http://www.securityfocus.com/bid/108852

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-filewrite

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/108852

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-filewrite

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.