Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", "matchCriteriaId": "39F8601E-730B-489B-AD2A-FD10FAF28595", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD570463-F539-47E7-B455-9376BD3EE99D", "versionEndExcluding": "1.5\\(9g\\)", "versionStartIncluding": "1.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "416F7C96-3EF0-4B6D-B414-3FC0D0848144", "versionEndExcluding": "2.0\\(13o\\)", "versionStartIncluding": "2.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "0056011A-04F0-4185-8EE7-B1B30CAAA863", "versionEndExcluding": "3.0\\(4k\\)", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", "versionEndExcluding": "4.0\\(4b\\)", "versionStartIncluding": "4.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D094D51-8F25-430F-99C4-1A734CAA63E4", "versionEndExcluding": "4.0\\(1d\\)", "versionStartIncluding": "4.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9AB71C7-E751-4390-84B0-D88794FE2E5A", "versionEndExcluding": "4.0\\(2c\\)", "versionStartIncluding": "4.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en la web del software Cisco Integrated Management Controller (IMC) podr\u00eda permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios de root en un dispositivo afectado. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de las entradas proporcionadas por el usuario por el software afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad invocando un mecanismo de monitoreo de interfaz con un argumento dise\u00f1ado sobre el software afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante inyectar y ejecutar comandos arbitrarios a nivel de sistema con privilegios de root en un dispositivo afectado."}], "id": "CVE-2019-1865", "lastModified": "2024-11-21T04:37:34.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-21T19:15:14.420", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}