cbcvebase.
CVE-2019-12634
published 2019-08-21

CVE-2019-12634: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.

Affected

9 ranges
VendorProductVersion rangeFixed in
ciscocisco_unified_computing_system_director>= unspecified < 6.7.3.06.7.3.0
ciscointegrated_management_controller_supervisor2.2.0.3 – 2.2.0.6
ciscointegrated_management_controller_supervisor_cisco_ucs_director_and_cisco_ucs_dir
ciscoucs_director
ciscoucs_director
ciscoucs_director6.7.0.0 – 6.7.2.0
ciscoucs_director_express_for_big_data
ciscoucs_director_express_for_big_data
ciscoucs_director_express_for_big_data3.7.0.0 – 3.7.2.0