CVE-2019-1632
Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device.
Una vulnerabilidad en la interfaz de administración basada en web de Integrated Management Controller (IMC) de Cisco, podría permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site request forgery (CSRF) y realizar acciones arbitrarias en un dispositivo afectado. Una vulnerabilidad es debido a las insuficientes protecciones CSRF para la interfaz de administración basada en web del dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario para que siga un enlace malicioso. Una explotación con éxito podría permitir al atacante utilizar un navegador web y los privilegios del usuario para realizar acciones arbitrarias en el dispositivo afectado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-06 CVE Reserved
- 2019-06-20 CVE Published
- 2023-07-29 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/108858 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-csrf | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Computing System Search vendor "Cisco" for product "Unified Computing System" | 4.0\(1c\)hs3 Search vendor "Cisco" for product "Unified Computing System" and version "4.0\(1c\)hs3" | - |
Affected
|