Details of VAR-201908-0393

ID

VAR-201908-0393

CVE

CVE-2019-1871

TITLE

Cisco Integrated Management Controller Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-008613 // CNNVD: CNNVD-201908-1678

DESCRIPTION

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges. Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: UCS C-Series and S-Series Servers (in single mode); UCS E-Series Servers; 5000 Series Enterprise Network Compute System (ENCS) Platform

Trust: 1.71

sources: NVD: CVE-2019-1871 // JVNDB: JVNDB-2019-008613 // VULHUB: VHN-151083

AFFECTED PRODUCTS

vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	3.0\(4k\)	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	gte	version:	4.0.0.0	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	4.0\(1c\)hs3	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	4.0\(4b\)	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008613 // NVD: CVE-2019-1871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1871
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1871
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1871
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-1678
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151083
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1871
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151083
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1871
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-151083 // JVNDB: JVNDB-2019-008613 // CNNVD: CNNVD-201908-1678 // NVD: CVE-2019-1871 // NVD: CVE-2019-1871

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-151083 // JVNDB: JVNDB-2019-008613 // NVD: CVE-2019-1871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1678

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1678

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008613

PATCH

title:	cisco-sa-20190821-imc-bo	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo	Trust: 0.8
title:	Cisco Integrated Management Controller Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97281	Trust: 0.6

sources: JVNDB: JVNDB-2019-008613 // CNNVD: CNNVD-201908-1678

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1871	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008613	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1678	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3212	Trust: 0.6
db:	VULHUB	id:	VHN-151083	Trust: 0.1

sources: VULHUB: VHN-151083 // JVNDB: JVNDB-2019-008613 // CNNVD: CNNVD-201908-1678 // NVD: CVE-2019-1871

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-bo	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1871	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1871	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-cimc-cli-inject	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1896	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-cimc	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1634	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1865	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1864	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1850	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-infodisc	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privilege	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privescal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-authby	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-cmdinj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-imc-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-usercred	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-dos	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3212/	Trust: 0.6

sources: VULHUB: VHN-151083 // JVNDB: JVNDB-2019-008613 // CNNVD: CNNVD-201908-1678 // NVD: CVE-2019-1871

SOURCES

db:	VULHUB	id:	VHN-151083
db:	JVNDB	id:	JVNDB-2019-008613
db:	CNNVD	id:	CNNVD-201908-1678
db:	NVD	id:	CVE-2019-1871

LAST UPDATE DATE

2024-11-23T21:59:48.346000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151083	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-008613	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1678	date:	2019-09-02T00:00:00
db:	NVD	id:	CVE-2019-1871	date:	2024-11-21T04:37:34.953

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151083	date:	2019-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-008613	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1678	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-1871	date:	2019-08-21T19:15:14.480