CVE-2019-1907

CVE Database · CVE-2019-1907

CVE-2019-1907

· HIGHModified

CVSS v3.1

8.8

EPSS

1.37%

Published

Aug 21, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-285

Affected Products (9)

cisco · unified_computing_systemvulnerable

cisco · integrated_management_controller_supervisor (up to 4.0\(4b\))vulnerable

cisco · ucs_c125_m5

cisco · ucs_c4200

cisco · ucs_s3260

cisco · integrated_management_controller_supervisor (up to 4.0\(2f\))vulnerable

cisco · ucs_c125_m5

cisco · ucs_c4200

cisco · ucs_s3260

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs