CVE-2019-1634

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) (affected versions not specified)

Description A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The issue is due to insufficient input validation of user-supplied commands. An attacker with administrator privileges and access to the network where the IPMI resides could exploit this by submitting crafted input to the affected commands, potentially gaining root privileges on the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.