11 June 2019
Dangerous vulnerability fixed in Cisco Industrial Network Director
A vulnerability, CVE-2019-1861, has been fixed in Cisco Industrial Network Director (IND), an industrial network management solution. The vulnerability affects Cisco IND versions prior to 1.6.0 and is due to improper validation of files uploaded to the affected application. Successful exploitation allows an authenticated, remote attacker to execute arbitrary code on devices running the vulnerable software. A CVSS v.3 base score of 7.2 has been calculated for this vulnerability.
Updating the Cisco IND software to version 1.6.0 or later is recommended to address the above vulnerability.