CVE-2019-1974Improper Authentication in Cisco Unified Computing System Director

CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
11.6%
top 6.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Unified Computing System DirectorCisco Integrated Management Controller SupervisorCisco UCS Director+1 more
Timeline
PublishedAug 21
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affect

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDcisco/ucs_director_express2.1.0.02.1.0.2+5
CVEListV5cisco/cisco_unified_computing_system_directorunspecified6.7.3.0
NVDcisco/ucs_director5.5.0.05.5.0.2+6

🔴Vulnerability Details

2
GHSA
GHSA-gxx4-r6p9-84cg: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Di2022-05-24
CVEList
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability2019-08-21

📋Vendor Advisories

1
Cisco
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability2019-08-21