CVE-2019-1937
21.08.2019, 19:15
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | integrated_management_controller_supervisor | 2.2.0.3 ≤ 𝑥 ≤ 2.2.0.6 |
| cisco | ucs_director | 6.6.0.0 ≤ 𝑥 ≤ 6.6.1.0 |
| cisco | ucs_director | 6.7.0.0 ≤ 𝑥 ≤ 6.7.1.0 |
| cisco | ucs_director | 6.7\(0.0.67265\) |
| cisco | ucs_director_express_for_big_data | 3.7.0.0 ≤ 𝑥 ≤ 3.7.1.0 |
| cisco | ucs_director_express_for_big_data | 3.6.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References