CVE-2019-1900

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

7.5HIGH

EPSS

0.3%

top 50.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Unified Computing System (management Software)Cisco Integrated Management Controller Supervisor Cisco Unified Computing System

Timeline

PublishedAug 21

Latest updateMay 24

Description

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/integrated_management_controller_supervisor4.0.0.0 — 4.0\(2f\)

▶CVEListV5cisco/cisco_unified_computing_system_(management_software)unspecified — 4.0(2f)

▶NVDcisco/unified_computing_system4.0\(1c\)hs3

🔴Vulnerability Details

GHSA

GHSA-7674-7g97-mwgj: A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web ser↗2022-05-24

▶

CVEList

Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability↗2019-08-21

▶

💥Exploits & PoCs

Exploit-DB

D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)↗2020-02-10

▶

📋Vendor Advisories

Cisco

Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability↗2019-08-21

▶