← Volver a CVEs
CVE-2019-1623
MEDIUM6.7
Descripcion
A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.
Detalles CVE
Puntuacion CVSS v3.16.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado6/20/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
cisco:meeting_server
Debilidades (CWE)
CWE-77CWE-78
Referencias
http://www.securityfocus.com/bid/108840(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex(psirt@cisco.com)
http://www.securityfocus.com/bid/108840(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.