How severe is CVE-2019-1889?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2019-1889?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2019-1889 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.

Related Vulnerabilities

CVE-2015-5252

HIGH

CVSS:7.2(High)

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended fi...

CWE-2642015

CVE-2016-2281

HIGH

CVSS:7.2(High)

Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CWE-2642016

CVE-2016-8494

HIGH

CVSS:7.2(High)

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.

CWE-2642016

CVE-2016-9097

HIGH

CVSS:7.2(High)

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain ci...

CWE-2642016

CVE-2016-9871

HIGH

CVSS:7.2(High)

EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially b...

CWE-2642016

CVE-2018-0440

HIGH

CVSS:7.2(High)

A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level ...

CWE-2642018