Input validation error in Industrial Network Director - CVE-2019-1861

 


Published: June 5, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35853
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1861
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software: Industrial Network Director

Detailed vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.


How to mitigate CVE-2019-1861

Install the update from the vendor's website.
