CVE-2019-16003

CWE-306 — Missing Authentication4 documents4 sources

Severity

5.3MEDIUM

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco UCS Director Cisco UCS Director

Timeline

PublishedJan 26

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/ucs_director< 6.7.3.1

▶CVEListV5cisco/cisco_ucs_directorunspecified — n/a

🔴Vulnerability Details

GHSA

GHSA-5h32-5fxq-gm74: A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log fil↗2022-05-24

▶

CVEList

Cisco UCS Director Information Disclosure Vulnerability↗2020-01-26

▶

📋Vendor Advisories

Cisco

Cisco UCS Director Information Disclosure Vulnerability↗2020-01-08

▶