CVE-2019-1861
Description
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.
Risk Information
Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.29
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Industrial Network Director Remote Code Execution Vulnerability For Cisco Industrial Network Director | NCM |
| Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1861) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1704579 | Security Update for Cisco Industrial Network Director 1.1(1.49) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234