CVE-2019-1861

Cisco Industrial Network Director Remote Code Execution Vulnerability

CVSS 7.2 HIGHEPSS 4.4%CWE-20

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 4.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

05 Jun 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Cisco · Cisco Industrial Network Director

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce http://www.securityfocus.com/bid/108622