CVE-2019-1907
Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.
Una vulnerabilidad en el servidor web de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado establezca valores de configuración confidenciales y obtenga privilegios elevados. La vulnerabilidad se debe al manejo inadecuado de las operaciones de comparación de subcadenas que realiza el software afectado. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP diseñada al software afectado. Una explotación exitosa podría permitir al atacante con privilegios de solo lectura obtener privilegios de administrador.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2018-12-06 CVE Reserved
- 2019-08-21 CVE Published
- 2023-05-08 EPSS Updated
- 2024-11-20 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | < 4.0\(4b\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " < 4.0\(4b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs C125 M5 Search vendor "Cisco" for product "Ucs C125 M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | < 4.0\(4b\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " < 4.0\(4b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs C4200 Search vendor "Cisco" for product "Ucs C4200" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | < 4.0\(4b\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " < 4.0\(4b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs S3260 Search vendor "Cisco" for product "Ucs S3260" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | < 4.0\(2f\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " < 4.0\(2f\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs C125 M5 Search vendor "Cisco" for product "Ucs C125 M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | < 4.0\(2f\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " < 4.0\(2f\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs C4200 Search vendor "Cisco" for product "Ucs C4200" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | < 4.0\(2f\) Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " < 4.0\(2f\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs S3260 Search vendor "Cisco" for product "Ucs S3260" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Computing System Search vendor "Cisco" for product "Unified Computing System" | 4.0\(1c\)hs3 Search vendor "Cisco" for product "Unified Computing System" and version "4.0\(1c\)hs3" | - |
Affected
| ||||||