CVE-2019-1883— Cisco Integrated Management Controller CLI Command Injection Vulnerability

EPSS 0.14% · P34 Updated Feb 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1883

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco Integrated Management Controller CLI Command Injection Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco Integrated Management Controller 操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco Integrated Management Controller（IMC）是美国思科（Cisco）公司的一套用于对UCS（统一计算系统）进行管理的软件。该软件支持HTTP、SSH访问等，并可对服务器进行开机、关机和重启等操作。 Cisco IMC中的命令行界面存在操作系统命令注入漏洞，该漏洞源于程序没有充分验证用户提交的输入。本地攻击者可通过进行身份验证并提交特制的输入利用该漏洞注入任意命令并获取root权限。以下产品及版本受到影响：Cisco UCS C-Series和S-Series Se

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco Unified Computing System E-Series Software (UCSE)	unspecified ~ 3.0(4k)	-

II. Public POCs for CVE-2019-1883

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-1883

请登录查看更多情报信息。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-injectvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2019-1883

Same Patch Batch · Cisco · 2019-08-21 · 27 CVEs total

CVE-2019-1864		Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-12623		Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration
CVE-2019-12622		Cisco RoomOS Software Privilege Escalation Vulnerability
CVE-2019-12621		Cisco HyperFlex Static SSL Key Vulnerability
CVE-2019-12634		Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Direc
CVE-2019-12627		Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
CVE-2019-12626		Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability
CVE-2019-12624		Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerabil
CVE-2019-1850		Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1839		Cisco Remote PHY Device Software Command Injection Vulnerability
CVE-2019-1634		Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1871		Cisco Integrated Management Controller Buffer Overflow Vulnerability
CVE-2019-1865		Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1938		Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass V
CVE-2019-1863		Cisco Integrated Management Controller Privilege Escalation Vulnerability
CVE-2019-1900		Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability
CVE-2019-1896		Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability
CVE-2019-1885		Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1937		Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Direc
CVE-2019-1936		Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Direc

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco Unified Computing System E-Series Software (UCSE)

Same vendor: Cisco

Same weakness: CWE-78

V. Comments for CVE-2019-1883

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-1883— Cisco Integrated Management Controller CLI Command Injection Vulnerability

I. Basic Information for CVE-2019-1883

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-1883

III. Intelligence Information for CVE-2019-1883

Same Patch Batch · Cisco · 2019-08-21 · 27 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-1883

Leave a comment