CVE-2019-1871: Cisco Integrated Management Controller Buffer Overflow Vulnerability
First published: Wed Aug 21 2019(Updated: )
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System | =4.0\(1c\)hs3 | |
| Cisco Integrated Management Controller Supervisor | >=3.0.0.0<3.0\(4k\) | |
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(4b\) | |
| Cisco Encs 5100 | ||
| Cisco Encs 5400 | ||
| Cisco Ucs-e1120d-m3 | ||
| Cisco Ucs-e140s-m2 | ||
| Cisco Ucs-e160d-m2 | ||
| Cisco Ucs-e160s-m3 | ||
| Cisco Ucs-e168d-m2 | ||
| Cisco Ucs-e180d-m3 | ||
| Cisco Ucs C125 M5 | ||
| Cisco Ucs C4200 | ||
| Cisco Ucs S3260 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1871?
CVE-2019-1871 is a vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) that could allow an attacker to cause a denial of service (DoS) and execute arbitrary commands with root privileges.
How severe is CVE-2019-1871?
CVE-2019-1871 has a severity rating of 7.2 (critical).
Which software versions are affected by CVE-2019-1871?
The affected software versions for CVE-2019-1871 are Cisco Unified Computing System 4.0(1c)hs3, Cisco Integrated Management Controller Supervisor versions between 3.0.0.0 and 3.0(4k), and Cisco Integrated Management Controller Supervisor versions between 4.0.0.0 and 4.0(4b).
How can an attacker exploit CVE-2019-1871?
An attacker can exploit CVE-2019-1871 by using the Import Cisco IMC configuration utility to cause a denial of service (DoS) and execute arbitrary commands with root privileges.
Where can I find more information about CVE-2019-1871?
You can find more information about CVE-2019-1871 on the Cisco Security Advisory page: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco unified computing system
- version/cisco unified computing system/4.0\(1c\)hs3
- canonical/cisco integrated management controller supervisor
- version/cisco integrated management controller supervisor/3.0.0.0
- version/cisco integrated management controller supervisor/4.0.0.0
- canonical/cisco encs 5100
- canonical/cisco encs 5400
- canonical/cisco ucs-e1120d-m3
- canonical/cisco ucs-e140s-m2
- canonical/cisco ucs-e160d-m2
- canonical/cisco ucs-e160s-m3
- canonical/cisco ucs-e168d-m2
- canonical/cisco ucs-e180d-m3
- canonical/cisco ucs c125 m5
- canonical/cisco ucs c4200
- canonical/cisco ucs s3260