← volver
CVE-2019-1896

Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability

CVSS 7.2 HIGHEPSS 1.8%CWE-78
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
21 ago 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →