Sign-up

ID

VAR-201906-0293


CVE

CVE-2019-1879


TITLE

Cisco Integrated Management Controller In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005718

DESCRIPTION

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. This issue is being tracked by Cisco Bug ID CSCvo36016

Trust: 1.98

sources: NVD: CVE-2019-1879 // JVNDB: JVNDB-2019-005718 // BID: 108850 // VULHUB: VHN-151171

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion:4.0\(1c\)hs3

Trust: 1.0

vendor:ciscomodel:integrated management controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:integrated management controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system 4.0 hs3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ucs c-series serversscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:integrated management controllerscope:eqversion:0

Trust: 0.3

sources: BID: 108850 // JVNDB: JVNDB-2019-005718 // NVD: CVE-2019-1879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1879
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1879
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1879
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-791
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151171
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1879
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151171
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1879
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1879
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-151171 // JVNDB: JVNDB-2019-005718 // CNNVD: CNNVD-201906-791 // NVD: CVE-2019-1879 // NVD: CVE-2019-1879

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-151171 // JVNDB: JVNDB-2019-005718 // NVD: CVE-2019-1879

THREAT TYPE

local

Trust: 0.9

sources: BID: 108850 // CNNVD: CNNVD-201906-791

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-791

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005718

PATCH
title:cisco-sa-20190619-cimc-cli-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cimc-cli-cmdinj
Trust: 0.8
title:Cisco Integrated Management Controller Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93941
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005718 // 
            
            
            
            CNNVD: CNNVD-201906-791

EXTERNAL IDS
db:NVDid:CVE-2019-1879
Trust: 2.8
db:BIDid:108850
Trust: 2.0
db:JVNDBid:JVNDB-2019-005718
Trust: 0.8
db:AUSCERTid:ESB-2019.2188
Trust: 0.6
db:CNNVDid:CNNVD-201906-791
Trust: 0.6
db:VULHUBid:VHN-151171
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151171 // 
            
            
            
            BID: 108850 // 
            
            
            
            JVNDB: JVNDB-2019-005718 // 
            
            
            
            CNNVD: CNNVD-201906-791 // 
            
            
            
            NVD: CVE-2019-1879

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-cimc-cli-cmdinj
Trust: 2.0
url:http://www.securityfocus.com/bid/108850
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1879
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1879
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-infodisclos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-frmwr-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-csrf
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-filewrite
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2188/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-151171 // 
            
            
            
            BID: 108850 // 
            
            
            
            JVNDB: JVNDB-2019-005718 // 
            
            
            
            CNNVD: CNNVD-201906-791 // 
            
            
            
            NVD: CVE-2019-1879

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 108850 // 
            
            
            
            CNNVD: CNNVD-201906-791

SOURCES
db:VULHUBid:VHN-151171
db:BIDid:108850
db:JVNDBid:JVNDB-2019-005718
db:CNNVDid:CNNVD-201906-791
db:NVDid:CVE-2019-1879

LAST UPDATE DATE
2024-11-23T22:11:59.469000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151171date:2019-10-09T00:00:00
db:BIDid:108850date:2019-06-19T00:00:00
db:JVNDBid:JVNDB-2019-005718date:2019-06-27T00:00:00
db:CNNVDid:CNNVD-201906-791date:2019-06-27T00:00:00
db:NVDid:CVE-2019-1879date:2024-11-21T04:37:36.020

SOURCES RELEASE DATE
db:VULHUBid:VHN-151171date:2019-06-20T00:00:00
db:BIDid:108850date:2019-06-19T00:00:00
db:JVNDBid:JVNDB-2019-005718date:2019-06-27T00:00:00
db:CNNVDid:CNNVD-201906-791date:2019-06-20T00:00:00
db:NVDid:CVE-2019-1879date:2019-06-20T03:15:12.290