First published: Wed Aug 21 2019
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Remote Phy 120 Firmware | <6.4 | |
Cisco Remote Phy 120 | | |
Cisco Remote Phy 220 Firmware | <3.1 | |
Cisco Remote Phy 220 | | |
Cisco Remote Phy Shelf 7200 Firmware | <1.2 | |
Cisco Remote Phy Shelf 7200 | | |
Cisco Cbr-8 Firmware | =1.1 | |
Cisco Cbr-8 Firmware | =6.1 | |
Cisco Cbr-8 Firmware | =6.2 | |
Cisco cBR-8 | | |
CVE-2019-1839 is a vulnerability in Cisco Remote PHY Device Software that could allow an authenticated local attacker to execute commands on the underlying Linux shell of an affected device with root privileges.
CVE-2019-1839 occurs because the affected software improperly sanitizes user-supplied input.
The severity of CVE-2019-1839 is high, with a severity value of 6.7.
The affected software versions include Cisco Remote Phy 120 Firmware versions earlier than 6.4 and Cisco Remote Phy 220 Firmware versions earlier than 3.1.
To fix CVE-2019-1839, Cisco has released a software update. Refer to the Cisco Security Advisory for more information.