How severe is CVE-2019-1682?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-1682?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2019-1682 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device.

Related Vulnerabilities

CVE-2008-1246

HIGH

CVSS:7.8(High)

The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holdi...

CWE-2642008

CVE-2010-2554

HIGH

CVSS:7.8(High)

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain ...

CWE-2642010

CVE-2013-3024

HIGH

CVSS:7.8(High)

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.

CWE-2642013

CVE-2013-6876

HIGH

CVSS:7.8(High)

The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and ear...

CWE-2642013

CVE-2014-10070

HIGH

CVSS:7.8(High)

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, ...

CWE-2642014

CVE-2014-1226

HIGH

CVSS:7.8(High)

The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of ...

CWE-2642014