CVE-2019-1861

Cisco Industrial Network Director Remote Code Execution Vulnerability

CVSS 7.2 HIGHEPSS 4.4%CWE-20

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.2EPSS 4.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

05 jun 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Cisco · Cisco Industrial Network Director

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce http://www.securityfocus.com/bid/108622