Input validation

2019-08-2119:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.

CPENameOperatorVersion
integrated_management_controller_supervisorge3.0.0.0
integrated_management_controller_supervisorlt3.0
integrated_management_controller_supervisorge4.0.0.0
integrated_management_controller_supervisorlt4.0
integrated_management_controller_supervisorge4.0.0.0
integrated_management_controller_supervisorlt4.0
unified_computing_systemeq4.1.0-chs3

Name	Operator	Version
integrated_management_controller_supervisor	ge	3.0.0.0
integrated_management_controller_supervisor	lt	3.0
integrated_management_controller_supervisor	ge	4.0.0.0
integrated_management_controller_supervisor	lt	4.0
integrated_management_controller_supervisor	ge	4.0.0.0
integrated_management_controller_supervisor	lt	4.0
unified_computing_system	eq	4.1.0-chs3