ID

VAR-201906-0600


CVE

CVE-2019-1631


TITLE

Cisco Integrated Management Controller Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2019-005631

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow an attacker to view sensitive system data. This issue is being tracked by Cisco bug ID CSCvn96947. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server.

Trust: 2.07

sources: NVD: CVE-2019-1631 // JVNDB: JVNDB-2019-005631 // BID: 108849 // VULHUB: VHN-148443 // VULMON: CVE-2019-1631

AFFECTED PRODUCTS

vendor: cisco // model: unified computing system // scope: eq // version: 4.0\(1c\)hs3

Trust: 1.0

vendor: cisco // model: integrated management controller // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: integrated management controller // scope: - // version: -

Trust: 0.8

vendor: cisco // model: unified computing system software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: unified computing system 4.0 hs3 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: ucs c-series servers // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: integrated management controller // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: unified computing system 4.0 // scope: ne // version: -

Trust: 0.3

sources: BID: 108849 // JVNDB: JVNDB-2019-005631 // NVD: CVE-2019-1631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1631
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1631
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1631
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-788
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148443
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1631
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1631
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-148443
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1631
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148443 // VULMON: CVE-2019-1631 // JVNDB: JVNDB-2019-005631 // CNNVD: CNNVD-201906-788 // NVD: CVE-2019-1631 // NVD: CVE-2019-1631

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.9

sources: VULHUB: VHN-148443 // JVNDB: JVNDB-2019-005631 // NVD: CVE-2019-1631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-788

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201906-788

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005631

PATCH

title: cisco-sa-20190619-imc-infodisclos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodisclos

Trust: 0.8

title: Cisco Integrated Management Controller Fixes for access control error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93938

Trust: 0.6

title: Cisco: Cisco Integrated Management Controller Information Disclosure Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190619-imc-infodisclos

Trust: 0.1

title: - // url: https://github.com/ExpLangcn/FuYao-Go

Trust: 0.1

sources: VULMON: CVE-2019-1631 // JVNDB: JVNDB-2019-005631 // CNNVD: CNNVD-201906-788

EXTERNAL IDS

db: NVD // id: CVE-2019-1631

Trust: 2.9

db: BID // id: 108849

Trust: 2.0

db: JVNDB // id: JVNDB-2019-005631

Trust: 0.8

db: CNNVD // id: CNNVD-201906-788

Trust: 0.7

db: AUSCERT // id: ESB-2019.2188

Trust: 0.6

db: VULHUB // id: VHN-148443

Trust: 0.1

db: VULMON // id: CVE-2019-1631

Trust: 0.1

sources: VULHUB: VHN-148443 // VULMON: CVE-2019-1631 // BID: 108849 // JVNDB: JVNDB-2019-005631 // CNNVD: CNNVD-201906-788 // NVD: CVE-2019-1631

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-infodisclos

Trust: 2.0

url: http://www.securityfocus.com/bid/108849

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-1631

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1631

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-dos

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-frmwr-dos

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-csrf

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-cimc-cli-cmdinj

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-filewrite

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.2188/

Trust: 0.6

sources: VULHUB: VHN-148443 // BID: 108849 // JVNDB: JVNDB-2019-005631 // CNNVD: CNNVD-201906-788 // NVD: CVE-2019-1631

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108849 // CNNVD: CNNVD-201906-788

SOURCES

db: VULHUB // id: VHN-148443
db: VULMON // id: CVE-2019-1631
db: BID // id: 108849
db: JVNDB // id: JVNDB-2019-005631
db: CNNVD // id: CNNVD-201906-788
db: NVD // id: CVE-2019-1631

LAST UPDATE DATE

2024-11-23T22:11:59.595000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148443 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2019-1631 // date: 2019-10-09T00:00:00
db: BID // id: 108849 // date: 2019-06-19T00:00:00
db: JVNDB // id: JVNDB-2019-005631 // date: 2019-06-25T00:00:00
db: CNNVD // id: CNNVD-201906-788 // date: 2019-06-24T00:00:00
db: NVD // id: CVE-2019-1631 // date: 2024-11-21T04:36:58.317

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148443 // date: 2019-06-20T00:00:00
db: VULMON // id: CVE-2019-1631 // date: 2019-06-20T00:00:00
db: BID // id: 108849 // date: 2019-06-19T00:00:00
db: JVNDB // id: JVNDB-2019-005631 // date: 2019-06-25T00:00:00
db: CNNVD // id: CNNVD-201906-788 // date: 2019-06-20T00:00:00
db: NVD // id: CVE-2019-1631 // date: 2019-06-20T03:15:11.743