Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1936

Severity: 7.2 HIGH
EPSS: 66.6% (top 1.46%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 21; Latest update May 24

Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (4 packages)

NVD | cisco/ucs_director_express | 5 versions +4
CVEListV5 | cisco/cisco_unified_computing_system_director | unspecified | 6.7.3.0
NVD | cisco/ucs_director | 7 versions +6

🔴 Vulnerability Details (2)

GHSA | GHSA-v93p-j269-v6hr: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Di | 2022-05-24
CVEList | Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability | 2019-08-21

💥 Exploits & PoCs (1)

Metasploit | Cisco UCS Director Unauthenticated Remote Code Execution

📋 Vendor Advisories (1)

Cisco | Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability | 2019-08-21