CVE-2019-1935

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.

Una vulnerabilidad en Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, y Cisco UCS Director Express for Big Data podría permitir que un atacante remoto no autenticado inicie sesión en la CLI de un sistema afectado utilizando la cuenta de usuario SCP (scpuser) , que tiene credenciales de usuario predeterminadas. La vulnerabilidad se debe a la presencia de una cuenta predeterminada documentada con una contraseña predeterminada no documentada y una configuración de permisos incorrecta para esa cuenta. El cambio de la contraseña predeterminada para esta cuenta no se aplica durante la instalación del producto. Un atacante podría aprovechar esta vulnerabilidad utilizando la cuenta para iniciar sesión en un sistema afectado. Una explotación exitosa podría permitir al atacante ejecutar comandos arbitrarios con los privilegios de la cuenta scpuser. Esto incluye acceso completo de lectura y escritura a la base de datos del sistema.

Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data suffer from default password, authentication bypass, and command injection vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-08-21 CVE Published
2019-09-03 First Exploit
2024-10-25 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (6)

URL	Tag	Source
http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html	Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/36	Mailing List

URL	Date	SRC
https://www.exploit-db.com/exploits/47346	2019-09-03
http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html	2024-11-19
https://seclists.org/bugtraq/2019/Aug/49	2024-11-19

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred	2023-03-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor"				>= 2.2.0.0 <= 2.2.0.6 Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " >= 2.2.0.0 <= 2.2.0.6"		-		Affected
Cisco Search vendor "Cisco"		Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor"				2.1.0.0 Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version "2.1.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.0.0.0 Search vendor "Cisco" for product "Ucs Director" and version "6.0.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.5.0.0 Search vendor "Cisco" for product "Ucs Director" and version "6.5.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.6.0.0 Search vendor "Cisco" for product "Ucs Director" and version "6.6.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.6.1.0 Search vendor "Cisco" for product "Ucs Director" and version "6.6.1.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.7\(0.0.67265\) Search vendor "Cisco" for product "Ucs Director" and version "6.7\(0.0.67265\)"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.7.0.0 Search vendor "Cisco" for product "Ucs Director" and version "6.7.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Search vendor "Cisco" for product "Ucs Director"				6.7.1.0 Search vendor "Cisco" for product "Ucs Director" and version "6.7.1.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data"				3.0.0.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.0.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data"				3.5.0.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.5.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data"				3.6.0.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.6.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data"				3.7.0.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.7.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data"				3.7.1.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.7.1.0"		-		Affected