cbcvebase.
CVE-2019-1938
published 2019-08-21

CVE-2019-1938: A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote…

PriorityP270critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.57%
90.4th percentile
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Affected

6 ranges
VendorProductVersion rangeFixed in
ciscocisco_unified_computing_system_director>= unspecified < 6.7.3.06.7.3.0
ciscoucs_director
ciscoucs_director
ciscoucs_director_and_cisco_ucs_director_express_for_big_data
ciscoucs_director_express_for_big_data
ciscoucs_director_express_for_big_data

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit involves sending crafted HTTP requests to the web-based management interface of Cisco UCS Director to bypass authentication and access privileged APIs
  • The vulnerability is rooted in improper authentication request handling (CWE-287); monitor for unauthenticated API calls reaching privileged endpoints on Cisco UCS Director
  • ·No workarounds are available; the only remediation is applying Cisco's released software updates
  • ·Affects both Cisco UCS Director and Cisco UCS Director Express for Big Data; both products should be assessed and patched

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.