CVE-2019-1879

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input at the command-line interface (CLI) of the Cisco Integrated Management Controller. This could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. An attacker could exploit this by authenticating with the administrator password via the CLI and submitting crafted input to affected commands, potentially allowing the execution of arbitrary commands on the device with root privileges.

Recommendations For Cisco Integrated Management Controller, consider restricting access to the CLI to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the CLI with administrator privileges until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.