ID

VAR-201906-0601


CVE

CVE-2019-1632


TITLE

Cisco Integrated Management Controller Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2019-005659

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn96946.

Trust: 1.98

sources: NVD: CVE-2019-1632 // JVNDB: JVNDB-2019-005659 // BID: 108858 // VULHUB: VHN-148454

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system, scope: eq, version: 4.0\(1c\)hs3

Trust: 1.0

vendor: cisco, model: integrated management controller, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: integrated management controller, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system central software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system 4.0 hs3, scope: -, version: -

Trust: 0.3

vendor: cisco, model: integrated management controller, scope: eq, version: 0

Trust: 0.3

sources: BID: 108858 // JVNDB: JVNDB-2019-005659 // NVD: CVE-2019-1632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1632
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1632
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1632
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-790
value: HIGH

Trust: 0.6

VULHUB: VHN-148454
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1632
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148454
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1632
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1632
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-148454 // JVNDB: JVNDB-2019-005659 // CNNVD: CNNVD-201906-790 // NVD: CVE-2019-1632 // NVD: CVE-2019-1632

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-148454 // JVNDB: JVNDB-2019-005659 // NVD: CVE-2019-1632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-790

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201906-790

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005659

PATCH

title: cisco-sa-20190619-imc-csrf
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-csrf

Trust: 0.8

title: Cisco Integrated Management Controller Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93940

Trust: 0.6

sources: JVNDB: JVNDB-2019-005659 // CNNVD: CNNVD-201906-790

EXTERNAL IDS

db: NVD, id: CVE-2019-1632

Trust: 2.8

db: BID, id: 108858

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005659

Trust: 0.8

db: AUSCERT, id: ESB-2019.2188

Trust: 0.6

db: CNNVD, id: CNNVD-201906-790

Trust: 0.6

db: VULHUB, id: VHN-148454

Trust: 0.1

sources: VULHUB: VHN-148454 // BID: 108858 // JVNDB: JVNDB-2019-005659 // CNNVD: CNNVD-201906-790 // NVD: CVE-2019-1632

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-csrf

Trust: 2.0

url:http://www.securityfocus.com/bid/108858

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1632

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1632

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-infodisclos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-frmwr-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-cimc-cli-cmdinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-imc-filewrite

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2188/

Trust: 0.6

sources: VULHUB: VHN-148454 // BID: 108858 // JVNDB: JVNDB-2019-005659 // CNNVD: CNNVD-201906-790 // NVD: CVE-2019-1632

CREDITS

Cisco

Trust: 0.9

sources: BID: 108858 // CNNVD: CNNVD-201906-790

SOURCES

db: VULHUB, id: VHN-148454
db: BID, id: 108858
db: JVNDB, id: JVNDB-2019-005659
db: CNNVD, id: CNNVD-201906-790
db: NVD, id: CVE-2019-1632

LAST UPDATE DATE

2024-11-23T22:11:59.535000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148454, date: 2019-10-09T00:00:00
db: BID, id: 108858, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005659, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-790, date: 2019-06-25T00:00:00
db: NVD, id: CVE-2019-1632, date: 2024-11-21T04:36:58.450

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148454, date: 2019-06-20T00:00:00
db: BID, id: 108858, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005659, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-790, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2019-1632, date: 2019-06-20T03:15:11.790