Details of VAR-201907-0865

ID

VAR-201907-0865

CVE

CVE-2019-1911

TITLE

Cisco Unified Communications Domain Manager Software Container error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006443

DESCRIPTION

A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges. A local attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvj07167

Trust: 1.98

sources: NVD: CVE-2019-1911 // JVNDB: JVNDB-2019-006443 // BID: 109051 // VULHUB: VHN-151523

AFFECTED PRODUCTS

vendor:	cisco	model:	hosted collaboration solution	scope:	lte	version:	11.5\(3\)pb3	Trust: 1.0
vendor:	cisco	model:	hosted collaboration solution	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager pb3	scope:	eq	version:	11.5(3)	Trust: 0.3
vendor:	cisco	model:	hosted collaboration solution 11.5 pb3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager pb4	scope:	ne	version:	11.5(3)	Trust: 0.3
vendor:	cisco	model:	hosted collaboration solution 11.5 pb4	scope:	ne	version:	-	Trust: 0.3

sources: BID: 109051 // JVNDB: JVNDB-2019-006443 // NVD: CVE-2019-1911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1911
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1911
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1911
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-220
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151523
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1911
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151523
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1911
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1911
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-151523 // JVNDB: JVNDB-2019-006443 // CNNVD: CNNVD-201907-220 // NVD: CVE-2019-1911 // NVD: CVE-2019-1911

PROBLEMTYPE DATA

problemtype:

CWE-216

Trust: 1.9

sources: VULHUB: VHN-151523 // JVNDB: JVNDB-2019-006443 // NVD: CVE-2019-1911

THREAT TYPE

local

Trust: 0.9

sources: BID: 109051 // CNNVD: CNNVD-201907-220

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201907-220

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006443

PATCH

title:	cisco-sa-20190703-cucdm-rsh	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucdm-rsh	Trust: 0.8
title:	Cisco Unified Communications Domain Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94410	Trust: 0.6

sources: JVNDB: JVNDB-2019-006443 // CNNVD: CNNVD-201907-220

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1911	Trust: 2.8
db:	BID	id:	109051	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-006443	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2450	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-220	Trust: 0.6
db:	VULHUB	id:	VHN-151523	Trust: 0.1

sources: VULHUB: VHN-151523 // BID: 109051 // JVNDB: JVNDB-2019-006443 // CNNVD: CNNVD-201907-220 // NVD: CVE-2019-1911

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-cucdm-rsh	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1911	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1911	Trust: 0.8
url:	https://www.securityfocus.com/bid/109051	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2450/	Trust: 0.6

sources: VULHUB: VHN-151523 // BID: 109051 // JVNDB: JVNDB-2019-006443 // CNNVD: CNNVD-201907-220 // NVD: CVE-2019-1911

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109051

SOURCES

db:	VULHUB	id:	VHN-151523
db:	BID	id:	109051
db:	JVNDB	id:	JVNDB-2019-006443
db:	CNNVD	id:	CNNVD-201907-220
db:	NVD	id:	CVE-2019-1911

LAST UPDATE DATE

2024-11-23T21:52:07.207000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151523	date:	2019-10-09T00:00:00
db:	BID	id:	109051	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006443	date:	2019-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201907-220	date:	2019-07-18T00:00:00
db:	NVD	id:	CVE-2019-1911	date:	2024-11-21T04:37:40.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151523	date:	2019-07-06T00:00:00
db:	BID	id:	109051	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006443	date:	2019-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201907-220	date:	2019-07-03T00:00:00
db:	NVD	id:	CVE-2019-1911	date:	2019-07-06T02:15:11.620