CVE-2019-1629

Cisco Integrated Management Controller Arbitrary File Write Vulnerability

CVSS 5.3 MEDIUMEPSS 1.5%CWE-306

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 jun 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Produtos afetados

Cisco · Cisco Unified Computing System (Management Software)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-filewrite http://www.securityfocus.com/bid/108852