CVE-2019-1629
MEDIUMCisco Integrated Management Controller - Unauthenticated Arbitrary File Write via Configuration Import Utility
Title source: llmDescription
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-filewrite
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108852
Scores
CVSS v3
5.3
EPSS
0.0152
EPSS Percentile
71.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (2)
cisco/integrated_management_controller
cisco/unified_computing_system
4.0\(1c\)hs3
Published
Jun 20, 2019
Tracked Since
Feb 18, 2026