CVE-2019-1900
Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
Una vulnerabilidad en el servidor web de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto no autenticado provoque el bloqueo del proceso del servidor web, provocando una condición de denegación de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario en la interfaz web. Un atacante podría aprovechar esta vulnerabilidad al enviar una solicitud HTTP diseñada a ciertos puntos finales del software afectado. Una explotación exitosa podría permitir que un atacante haga que el servidor web se bloquee. Es posible que se requiera acceso físico al dispositivo para reiniciar.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2018-12-06 CVE Reserved
- 2019-08-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos | 2023-03-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | >= 4.0.0.0 < 4.0\(2f\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " >= 4.0.0.0 < 4.0\(2f\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs C125 M5 Search vendor "Cisco" for product "Ucs C125 M5" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | >= 4.0.0.0 < 4.0\(2f\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " >= 4.0.0.0 < 4.0\(2f\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs C4200 Search vendor "Cisco" for product "Ucs C4200" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | >= 4.0.0.0 < 4.0\(2f\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " >= 4.0.0.0 < 4.0\(2f\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs S3260 Search vendor "Cisco" for product "Ucs S3260" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Unified Computing System Search vendor "Cisco" for product "Unified Computing System" | 4.0\(1c\)hs3 Search vendor "Cisco" for product "Unified Computing System" and version "4.0\(1c\)hs3" | - |
Affected
|