CVE-2019-1861

Name of the Vulnerable Software and Affected Versions Cisco Industrial Network Director (affected versions not specified)

Description The issue is related to insufficient input validation in the software update feature. This could allow a remote attacker to execute arbitrary code by uploading a specially crafted file. The attacker must have administrator privileges to exploit this issue. The vulnerability is due to improper validation of uploaded files.

Recommendations For all affected versions, consider restricting access to the software update feature until a fix is available. As a temporary workaround, restrict file uploads to only necessary and trusted sources. Avoid using administrator privileges for routine operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.