CVE-2019-1861
Cisco Industrial Network Director Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.
SSVC
- Decision: Track*
Timeline
- 2018-12-06 CVE Reserved
- 2019-06-05 CVE Published
- 2024-11-16 EPSS Updated
- 2024-11-20 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-434: Unrestricted Upload of File with Dangerous Type
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/108622 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce | 2020-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Industrial Network Director | < 1.6.0 | - | Affected |