CVE-2019-1966— Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-1966
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限、特权和访问控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco UCS 6200 Series Fabric Interconnects、UCS 6300 Series Fabric Interconnects和UCS 6400 Series Fabric Interconnects 权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco UCS 6200 Series Fabric Interconnects等都是美国思科(Cisco)公司的产品。Cisco UCS 6200 Series Fabric Interconnects是一款6200系列的交换矩阵设备。UCS 6300 Series Fabric Interconnects是一款6300系列交换矩阵设备。UCS 6400 Series Fabric Interconnects是一款6400系列交换矩阵设备。 Cisco UCS 6200 Series Fabric
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) | unspecified ~ 4.0(2a) | - |
II. Public POCs for CVE-2019-1966
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-1966
Please Login to view more intelligence information
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalationvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-1966
Same Patch Batch · Cisco · 2019-08-29 · 5 CVEs total
| CVE-2019-1967 | Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability | |
| CVE-2019-1977 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerabili | |
| CVE-2019-1969 | Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability | |
| CVE-2019-1968 | Cisco NX-OS Software NX-API Denial of Service Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco Unified Computing System (Managed)
- CVE-2026-20037
Cisco UCS Manager File Write Vulnerability - CVE-2026-20036
Cisco UCS Manager Software Command Injection Vulnerability - CVE-2025-20295
Cisco UCS Manager Software Command Injection Vulnerability - CVE-2025-20294
Cisco UCS Manager Software Command Injection Vulnerability - CVE-2025-20342
Cisco Integrated Management Controller Virtual Keyboard Vide
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
V. Comments for CVE-2019-1966
No comments yet