FKIE_CVE-2019-1634

Vulnerability from fkie_nvd - Published: 2019-08-21 19:15 - Updated: 2024-11-21 04:36
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634Vendor Advisory
Impacted products
Vendor Product Version
cisco unified_computing_system 4.0\(1c\)hs3
cisco integrated_management_controller_supervisor *
cisco integrated_management_controller_supervisor *
cisco integrated_management_controller_supervisor *
cisco integrated_management_controller_supervisor *
cisco encs_5100 -
cisco encs_5400 -
cisco ucs-e1120d-m3 -
cisco ucs-e140s-m2 -
cisco ucs-e160d-m2 -
cisco ucs-e160s-m3 -
cisco ucs-e168d-m2 -
cisco ucs-e180d-m3 -
cisco ucs_c125_m5 -
cisco ucs_c4200 -
cisco ucs_s3260 -
cisco integrated_management_controller_supervisor *
cisco encs_5100 -
cisco encs_5400 -
cisco ucs-e1120d-m3 -
cisco ucs-e140s-m2 -
cisco ucs-e160d-m2 -
cisco ucs-e160s-m3 -
cisco ucs-e168d-m2 -
cisco ucs-e180d-m3 -
cisco ucs_c125_m5 -
cisco ucs_c4200 -
cisco ucs_s3260 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F8601E-730B-489B-AD2A-FD10FAF28595",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD570463-F539-47E7-B455-9376BD3EE99D",
              "versionEndExcluding": "1.5\\(9g\\)",
              "versionStartIncluding": "1.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "416F7C96-3EF0-4B6D-B414-3FC0D0848144",
              "versionEndExcluding": "2.0\\(13o\\)",
              "versionStartIncluding": "2.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0056011A-04F0-4185-8EE7-B1B30CAAA863",
              "versionEndExcluding": "3.0\\(4k\\)",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EE9E78-D09E-4069-BC84-ED42E3EE76F1",
              "versionEndExcluding": "4.0\\(4b\\)",
              "versionStartIncluding": "4.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5549F4C-CF65-4F22-9675-EFAA99964CA0",
              "versionEndExcluding": "4.0\\(2f\\)",
              "versionStartIncluding": "4.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la Interfaz de administraci\u00f3n de plataforma inteligente (IPMI) de Cisco Integrated Management Controller (IMC) podr\u00eda permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios de ra\u00edz en el sistema operativo (SO) subyacente. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de los comandos proporcionados por el usuario. Un atacante que tenga privilegios de administrador y acceso a la red donde reside el IPMI podr\u00eda aprovechar esta vulnerabilidad al enviar una entrada dise\u00f1ada a los comandos afectados. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener privilegios de root en el dispositivo afectado."
    }
  ],
  "id": "CVE-2019-1634",
  "lastModified": "2024-11-21T04:36:58.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-21T19:15:14.043",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.