CVE-2019-1974
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.
Una vulnerabilidad en la interfaz de administración basada en la web del Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, y Cisco UCS Director Express for Big Data podría permitir que un atacante remoto no autenticado omita la autenticación del usuario y obtenga acceso como usuario administrativo. La vulnerabilidad se debe a una validación insuficiente del encabezado de la solicitud durante el proceso de autenticación. Un atacante podría aprovechar esta vulnerabilidad enviando una serie de solicitudes maliciosas a un dispositivo afectado. Un exploit podría permitir al atacante obtener acceso administrativo completo al dispositivo afectado.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2018-12-06 CVE Reserved
- 2019-08-21 CVE Published
- 2024-07-12 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | >= 2.2.0.0 <= 2.2.0.6 Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " >= 2.2.0.0 <= 2.2.0.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | 2.1.0.0 Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version "2.1.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | >= 5.5.0.0 <= 5.5.0.2 Search vendor "Cisco" for product "Ucs Director" and version " >= 5.5.0.0 <= 5.5.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | >= 6.0.0.0 <= 6.0.1.3 Search vendor "Cisco" for product "Ucs Director" and version " >= 6.0.0.0 <= 6.0.1.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | >= 6.5.0.0 <= 6.5.0.3 Search vendor "Cisco" for product "Ucs Director" and version " >= 6.5.0.0 <= 6.5.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | >= 6.6.0.0 <= 6.6.1.0 Search vendor "Cisco" for product "Ucs Director" and version " >= 6.6.0.0 <= 6.6.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | >= 6.7.0.0 <= 6.7.2.0 Search vendor "Cisco" for product "Ucs Director" and version " >= 6.7.0.0 <= 6.7.2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | 6.7\(1.1\) Search vendor "Cisco" for product "Ucs Director" and version "6.7\(1.1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | 6.7\(2.0\) Search vendor "Cisco" for product "Ucs Director" and version "6.7\(2.0\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data" | >= 2.1.0.0 <= 2.1.0.2 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version " >= 2.1.0.0 <= 2.1.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data" | >= 3.0.0.0 <= 3.0.1.3 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version " >= 3.0.0.0 <= 3.0.1.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data" | >= 3.5.0.0 <= 3.5.0.3 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version " >= 3.5.0.0 <= 3.5.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data" | >= 3.7.0.0 <= 3.7.2.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version " >= 3.7.0.0 <= 3.7.2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data" | 3.6.0.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.6.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ucs Director Express For Big Data Search vendor "Cisco" for product "Ucs Director Express For Big Data" | 3.6.1.0 Search vendor "Cisco" for product "Ucs Director Express For Big Data" and version "3.6.1.0" | - |
Affected
| ||||||