CVE-2019-1725 (CNNVD-201904-845)
中文标题:
Cisco UCS B-Series Blade Servers 操作系统命令注入漏洞
英文标题:
Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability
漏洞描述
中文描述:
Cisco UCS B-Series Blade Servers是美国思科(Cisco)公司的一款UCS B系列刀片服务器设备。 Cisco UCS B-Series Blade Servers中本地管理命令行界面的实现存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中,网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。
英文描述:
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI commands. The vulnerability is due to lack of proper input validation of user input for local management CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted form of a limited subset of local management CLI commands. An exploit could allow the attacker to overwrite an arbitrary files on disk or inject CLI command parameters that should have been disabled. This vulnerability is fixed in software version 4.0(2a) and later.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco UCS B-Series Blade Server Software | - | < 4.0(2a) | - |
cpe:2.3:a:cisco:cisco_ucs_b-series_blade_server_software:*:*:*:*:*:*:*:*
|
| cisco | unified_computing_system | * | - | - |
cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-1725 |
2025-11-11 15:20:08 | 2025-11-11 07:35:38 |
| NVD | nvd_CVE-2019-1725 |
2025-11-11 14:56:21 | 2025-11-11 07:44:09 |
| CNNVD | cnnvd_CNNVD-201904-845 |
2025-11-11 15:10:11 | 2025-11-11 07:54:29 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201904-845
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']