CVE-2019-1861: Cisco Industrial Network Director Remote Code Execution Vulnerability
First published: Wed Jun 05 2019(Updated: )
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Industrial Network Director | <1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1861?
CVE-2019-1861 is a vulnerability in the software update feature of Cisco Industrial Network Director.
How does CVE-2019-1861 affect Cisco Industrial Network Director?
CVE-2019-1861 allows an authenticated, remote attacker to execute arbitrary code in Cisco Industrial Network Director.
What is the severity of CVE-2019-1861?
CVE-2019-1861 has a severity rating of 7.2 (Critical).
How can an attacker exploit CVE-2019-1861?
An attacker can exploit CVE-2019-1861 by uploading malicious files to the affected application.
What is the fix for CVE-2019-1861?
To fix CVE-2019-1861, users should upgrade to a version of Cisco Industrial Network Director that is newer than 1.6.0.
- collector/nvd-index
- agent/weakness
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco industrial network director