Main
Vulnerability Database
Exploits
ID:5999 - Exploit for Input validation error in Cisco Systems, Inc products - CVE-2019-1936
ID:5999 - Exploit for Input validation error in Cisco Systems, Inc products - CVE-2019-1936
Published: June 17, 2021
Vulnerability identifier: #VU20430
Vulnerability risk: Medium
CVE-ID: CVE-2019-1936
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Cisco UCS Director Express for Big Data
Cisco UCS Director
Cisco Integrated Management Controller Supervisor
Cisco UCS Director Express for Big Data
Cisco UCS Director
Cisco Integrated Management Controller Supervisor
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to insufficient validation of user-supplied input by the web-based management interface. A remote authenticated administrator can log in to the web-based management interface, send a malicious request to a certain part of the interface and execute arbitrary commands on the underlying Linux shell.
Remediation
Install updates from vendor's website.