CVE-2019-1634
HIGH
Cisco Integrated Management Controller Supervisor 1.5.0.0-1.5(9g) - Authenticated OS Command Injection via IPMI
Title source: llm
Description
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634
Scores
CVSS v3
7.2
EPSS
0.0282
EPSS Percentile
84.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
cisco/integrated_management_controller_supervisor
1.5.0.0 - 1.5(9g)
cisco/unified_computing_system
4.0(1c)hs3
Published
Aug 21, 2019
Tracked Since
Feb 18, 2026