Lucene search

CiscoCVELIST:CVE-2019-1861

HistoryJun 05, 2019 - 4:25 p.m.

CVE-2019-1861 Cisco Industrial Network Director Remote Code Execution Vulnerability

2019-06-0516:25:22

CWE-20

cisco

www.cve.org

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

CNA Affected

[
  {
    "product": "Cisco Industrial Network Director",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108622

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON

Related for CVELIST:CVE-2019-1861