ID

VAR-201906-0573


CVE

CVE-2019-1630


TITLE

Cisco Integrated Management Controller Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005660

DESCRIPTION

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system. Successful exploits may allow an attacker to cause denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed. This issue is being tracked by Cisco Bug ID CSCvo36079. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. A buffer error vulnerability exists in the firmware signature checker in Cisco IMC

Trust: 1.98

sources: NVD: CVE-2019-1630 // JVNDB: JVNDB-2019-005660 // BID: 108846 // VULHUB: VHN-148432

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system, scope: eq, version: 4.0\(1c\)hs3

Trust: 1.0

vendor: cisco, model: integrated management controller, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: integrated management controller, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system central software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system 4.0 hs3, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ucs c-series servers, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: integrated management controller, scope: eq, version: 0

Trust: 0.3

sources: BID: 108846 // JVNDB: JVNDB-2019-005660 // NVD: CVE-2019-1630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1630
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1630
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1630
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-787
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148432
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1630
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148432
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1630
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148432 // JVNDB: JVNDB-2019-005660 // CNNVD: CNNVD-201906-787 // NVD: CVE-2019-1630 // NVD: CVE-2019-1630

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-148432 // JVNDB: JVNDB-2019-005660 // NVD: CVE-2019-1630

THREAT TYPE

local

Trust: 0.9

sources: BID: 108846 // CNNVD: CNNVD-201906-787

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-787

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005660

PATCH

title: cisco-sa-20190619-imc-frmwr-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-frmwr-dos

Trust: 0.8

title: Cisco Integrated Management Controller Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93937

Trust: 0.6

sources: JVNDB: JVNDB-2019-005660 // CNNVD: CNNVD-201906-787

EXTERNAL IDS

db: NVD, id: CVE-2019-1630

Trust: 2.8

db: BID, id: 108846

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005660

Trust: 0.8

db: CNNVD, id: CNNVD-201906-787

Trust: 0.7

db: AUSCERT, id: ESB-2019.2188

Trust: 0.6

db: VULHUB, id: VHN-148432

Trust: 0.1

sources: VULHUB: VHN-148432 // BID: 108846 // JVNDB: JVNDB-2019-005660 // CNNVD: CNNVD-201906-787 // NVD: CVE-2019-1630

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-frmwr-dos

Trust: 2.0

url:http://www.securityfocus.com/bid/108846

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1630

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1630

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-infodisclos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-csrf

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-cimc-cli-cmdinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-filewrite

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2188/

Trust: 0.6

sources: VULHUB: VHN-148432 // BID: 108846 // JVNDB: JVNDB-2019-005660 // CNNVD: CNNVD-201906-787 // NVD: CVE-2019-1630

CREDITS

Cisco

Trust: 0.9

sources: BID: 108846 // CNNVD: CNNVD-201906-787

SOURCES

db: VULHUB, id: VHN-148432
db: BID, id: 108846
db: JVNDB, id: JVNDB-2019-005660
db: CNNVD, id: CNNVD-201906-787
db: NVD, id: CVE-2019-1630

LAST UPDATE DATE

2024-11-23T22:11:59.664000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148432, date: 2019-10-09T00:00:00
db: BID, id: 108846, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005660, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-787, date: 2019-06-25T00:00:00
db: NVD, id: CVE-2019-1630, date: 2024-11-21T04:36:58.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148432, date: 2019-06-20T00:00:00
db: BID, id: 108846, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005660, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-787, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2019-1630, date: 2019-06-20T03:15:11.667