Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1937

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.

Published

2019-08-21T19:15:15.403

Last Modified

2024-11-21T04:37:43.487

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	integrated_management_controller_supervisor	≤ 2.2.0.6	Yes
Application	cisco	ucs_director	≤ 6.6.1.0	Yes
Application	cisco	ucs_director	≤ 6.7.1.0	Yes
Application	cisco	ucs_director	6.7\(0.0.67265\)	Yes
Application	cisco	ucs_director_express_for_big_data	≤ 3.7.1.0	Yes
Application	cisco	ucs_director_express_for_big_data	3.6.0.0	Yes

References

http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html Exploit, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html ([email protected])
http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html ([email protected])
http://seclists.org/fulldisclosure/2019/Aug/36 ([email protected])
https://seclists.org/bugtraq/2019/Aug/49 Third Party Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Aug/36 (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/49 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)