CVE-2019-1629

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) (affected versions not specified)

Description A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The issue is due to a failure to delete temporarily uploaded files. An attacker could exploit this by crafting a malicious file and uploading it to the affected device, potentially allowing the attacker to fill up the filesystem or upload malicious scripts. The vulnerability is also related to a lack of authentication for a critical function, which could enable a remote attacker to gain write access and upload arbitrary data using a specially crafted malicious file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.