CVE-2019-1627

CWE-78 — OS Command Injection CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 64.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Unified Computing System (management Software)Cisco Unified Computing System

Timeline

PublishedJun 20

Latest updateMay 24

Description

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information f…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_unified_computing_system_(management_software)unspecified — 4.0(4b)

▶NVDcisco/unified_computing_system4.0\(1c\)hs3

🔴Vulnerability Details

GHSA

GHSA-j3hq-7fm4-h8h6: A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthor↗2022-05-24

▶

CVEList

Cisco Integrated Management Controller Information Disclosure Vulnerability↗2019-06-20

▶

📋Vendor Advisories

Cisco

Cisco Integrated Management Controller Information Disclosure Vulnerability↗2019-06-19

▶