CVE-2019-1629
Summary
| CVE | CVE-2019-1629 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-20 03:15:00 UTC |
| Updated | 2019-10-09 23:47:00 UTC |
| Description | A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Integrated Management Controller | - | All | All | All |
| Application | Cisco | Integrated Management Controller | - | All | All | All |
| Application | Cisco | Unified Computing System | 4.0(1c)hs3 | All | All | All |
| Application | Cisco | Unified Computing System | 4.0\(1c\)hs3 | All | All | All |
| Application | Cisco | Unified Computing System | 4.0\(1c\)hs3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Integrated Management Controller CVE-2019-1629 Arbitrary File Write Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Integrated Management Controller Arbitrary File Write Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.