CVE-2019-1865

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) Software (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The issue is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this by invoking an interface monitoring mechanism with a crafted argument, potentially allowing the injection and execution of arbitrary, system-level commands with root privileges.

Recommendations For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling the interface monitoring mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.