Input validation

2019-08-2119:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.

CPENameOperatorVersion
integrated_management_controller_supervisorge3.0.0.0
integrated_management_controller_supervisorlt3.0
integrated_management_controller_supervisorge4.0.0.0
integrated_management_controller_supervisorlt4.0
integrated_management_controller_supervisorge4.0.0.0
integrated_management_controller_supervisorlt4.0
unified_computing_systemeq4.1.0-chs3

Name	Operator	Version
integrated_management_controller_supervisor	ge	3.0.0.0
integrated_management_controller_supervisor	lt	3.0
integrated_management_controller_supervisor	ge	4.0.0.0
integrated_management_controller_supervisor	lt	4.0
integrated_management_controller_supervisor	ge	4.0.0.0
integrated_management_controller_supervisor	lt	4.0
unified_computing_system	eq	4.1.0-chs3