Multiple vulnerabilities in Cisco Integrated Management Controller
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-1850 CVE-2019-1871 CVE-2019-1883 |
| CWE-ID | CWE-78 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Integrated Management Controller Server applications / Remote management servers, RDP, SSH |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU20363
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1850
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the web-based management interface. A remote authenticated administrator can send specially crafted commands to the administrative web management interface and execute arbitrary system-level commands with root privileges on the target device.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects the following Cisco products that are running Cisco IMC Software:
- UCS C-Series and S-Series Servers in standalone mode
- UCS E-Series Servers
- 5000 Series Enterprise Network Compute System (ENCS) Platforms
Mitigation
Install updates from vendor's website.
Vulnerable software versionsCisco Integrated Management Controller: 3.0 - 4.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU20365
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service (DoS) condition and execute arbitrary code on the target system.
The vulnerability exists due to improper bounds checking by the import-config process in the Import Cisco IMC configuration utility. A remote authenticated attacker can send a specially crafted packets, trigger memory corruption and execute arbitrary code on the target device.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects the following Cisco products that are running Cisco IMC Software:
- UCS C-Series and S-Series Servers in standalone mode
- UCS E-Series Servers
- 5000 Series Enterprise Network Compute System (ENCS) Platform
Mitigation
Install updates from vendor's website.
Vulnerable software versionsCisco Integrated Management Controller: 3.0 - 4.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) OS Command Injection
EUVDB-ID: #VU20364
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1883
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the command-line interface. A local authenticated attacker with read-only privileges can submit crafted input to the affected CLI commands and execute arbitrary OS commands on the target device with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects the following Cisco products that are running Cisco IMC Software:
- UCS C-Series and S-Series Servers in standalone mode
- UCS E-Series Servers that are running Cisco IMC Software
- 5000 Series Enterprise Network Compute System (ENCS) Platforms
Mitigation
Install updates from vendor's website.
Vulnerable software versionsCisco Integrated Management Controller: 3.0 - 4.0
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
