Cisco Industrial Network Director Remote Code Execution Vulnerability
CVE-2019-1861

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Industrial Network Director
Vendor: CVE Published:; 5 June 2019

Badges

👾 Exploit Exists

What is CVE-2019-1861?

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

Affected Version(s)

Cisco Industrial Network Director < 1.6.0

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108622

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jun 5, 2019
Vulnerability Reserved
Dec 6, 2018