Sign-up

ID

VAR-201906-0572


CVE

CVE-2019-1629


TITLE

Cisco Integrated Management Controller Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2019-005664

DESCRIPTION

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts. Cisco Integrated Management Controller (IMC) Is vulnerable to a lack of authentication for critical functions.Information may be tampered with. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo35982. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server

Trust: 1.98

sources: NVD: CVE-2019-1629 // JVNDB: JVNDB-2019-005664 // BID: 108852 // VULHUB: VHN-148421

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion:4.0\(1c\)hs3

Trust: 1.0

vendor:ciscomodel:integrated management controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:integrated management controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system central softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system 4.0 hs3scope: - version: -

Trust: 0.3

vendor:ciscomodel:integrated management controllerscope:eqversion:0

Trust: 0.3

sources: BID: 108852 // JVNDB: JVNDB-2019-005664 // NVD: CVE-2019-1629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1629
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1629
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1629
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-789
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148421
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1629
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148421
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1629
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148421 // JVNDB: JVNDB-2019-005664 // CNNVD: CNNVD-201906-789 // NVD: CVE-2019-1629 // NVD: CVE-2019-1629

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-148421 // JVNDB: JVNDB-2019-005664 // NVD: CVE-2019-1629

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-789

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201906-789

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005664

PATCH
title:cisco-sa-20190619-imc-filewriteurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-filewrite
Trust: 0.8
title:Cisco Integrated Management Controller Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93939
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005664 // 
            
            
            
            CNNVD: CNNVD-201906-789

EXTERNAL IDS
db:NVDid:CVE-2019-1629
Trust: 2.8
db:BIDid:108852
Trust: 2.0
db:JVNDBid:JVNDB-2019-005664
Trust: 0.8
db:CNNVDid:CNNVD-201906-789
Trust: 0.7
db:AUSCERTid:ESB-2019.2188
Trust: 0.6
db:NSFOCUSid:43523
Trust: 0.6
db:VULHUBid:VHN-148421
Trust: 0.1
sources:
            
            
            VULHUB: VHN-148421 // 
            
            
            
            BID: 108852 // 
            
            
            
            JVNDB: JVNDB-2019-005664 // 
            
            
            
            CNNVD: CNNVD-201906-789 // 
            
            
            
            NVD: CVE-2019-1629

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-filewrite
Trust: 2.0
url:http://www.securityfocus.com/bid/108852
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1629
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1629
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-infodisclos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-frmwr-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-csrf
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-cimc-cli-cmdinj
Trust: 0.6
url:http://www.nsfocus.net/vulndb/43523
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2188/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-148421 // 
            
            
            
            BID: 108852 // 
            
            
            
            JVNDB: JVNDB-2019-005664 // 
            
            
            
            CNNVD: CNNVD-201906-789 // 
            
            
            
            NVD: CVE-2019-1629

CREDITS
Cisco  ?? ??,Cisco.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201906-789

SOURCES
db:VULHUBid:VHN-148421
db:BIDid:108852
db:JVNDBid:JVNDB-2019-005664
db:CNNVDid:CNNVD-201906-789
db:NVDid:CVE-2019-1629

LAST UPDATE DATE
2024-11-23T22:11:59.566000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-148421date:2019-10-09T00:00:00
db:BIDid:108852date:2019-06-21T00:00:00
db:JVNDBid:JVNDB-2019-005664date:2019-06-25T00:00:00
db:CNNVDid:CNNVD-201906-789date:2019-06-25T00:00:00
db:NVDid:CVE-2019-1629date:2024-11-21T04:36:58.060

SOURCES RELEASE DATE
db:VULHUBid:VHN-148421date:2019-06-20T00:00:00
db:BIDid:108852date:2019-06-21T00:00:00
db:JVNDBid:JVNDB-2019-005664date:2019-06-25T00:00:00
db:CNNVDid:CNNVD-201906-789date:2019-06-20T00:00:00
db:NVDid:CVE-2019-1629date:2019-06-20T03:15:11.603