Severity
7.5 HIGH
EPSS
0.9%
top 24.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 21
Latest update May 24

Description

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 3 packages

🔴Vulnerability Details

2
GHSA
GHSA-m28c-69j7-79gf: A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an (2022-05-24)
CVEList
Cisco Integrated Management Controller Information Disclosure Vulnerability (2019-08-21)

💥Exploits & PoCs

1
Exploit-DB
rConfig - install Command Execution (Metasploit) (2019-11-08)

📋Vendor Advisories

4
Red Hat
rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (2019-10-01)
Red Hat
rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (2019-09-30)
Red Hat
rsyslog: out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c (2019-09-24)
Cisco
Cisco Integrated Management Controller Information Disclosure Vulnerability (2019-08-21)

💬Community

2
Bugzilla
CVE-2019-17040 rsyslog: out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c (2019-10-29)
Bugzilla
CVE-2019-17041 rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (2019-10-29)