CVE-2019-1871
7.2
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD
Description
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.0(1c)hs3 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 3.0.0.0 to 3.0\(4k\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Encs 5100 | All versions |
Cisco Encs 5400 | All versions |
Cisco Ucs E1120d M3 | All versions |
Cisco Ucs E140s M2 | All versions |
Cisco Ucs E160d M2 | All versions |
Cisco Ucs E160s M3 | All versions |
Cisco Ucs E168d M2 | All versions |
Cisco Ucs E180d M3 | All versions |
Cisco Ucs C125 M5 | All versions |
Cisco Ucs C4200 | All versions |
Cisco Ucs S3260 | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.