CVE-2019-12634
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
SSVC
- Decision: Attend
Timeline
- 2019-06-04 CVE Reserved
- 2019-08-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-306: Missing Authentication for Critical Function
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Integrated Management Controller Supervisor | >= 2.2.0.3 <= 2.2.0.6 | - | Affected |
Cisco | UCS Director | >= 6.7.0.0 <= 6.7.2.0 | - | Affected |
Cisco | UCS Director | 6.6.0.0 | - | Affected |
Cisco | UCS Director | 6.6.1.0 | - | Affected |
Cisco | UCS Director Express for Big Data | >= 3.7.0.0 <= 3.7.2.0 | - | Affected |
Cisco | UCS Director Express for Big Data | 3.6.0.0 | - | Affected |
Cisco | UCS Director Express for Big Data | 3.6.1.0 | - | Affected |