ID

VAR-201908-0831


CVE

CVE-2019-1863


TITLE

Cisco Integrated Management Controller Software Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008450

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series and S-Series Servers (in single mode); UCS E-Series Servers; 5000 Series Enterprise Network Compute System (ENCS) Platforms

Trust: 1.71

sources: NVD: CVE-2019-1863 // JVNDB: JVNDB-2019-008450 // VULHUB: VHN-150995

AFFECTED PRODUCTS

vendor:ciscomodel:integrated management controller supervisorscope:gteversion:3.0.0.0

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:ltversion:4.0\(2c\)

Trust: 1.0

vendor:ciscomodel:unified computing systemscope:eqversion:4.0\(1c\)hs3

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:gteversion:1.5.0.0

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:ltversion:1.5\(9g\)

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:ltversion:4.0\(4b\)

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:ltversion:2.0\(13o\)

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:gteversion:4.0.0.0

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:ltversion:3.0\(4k\)

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:gteversion:2.0.0.0

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope:ltversion:4.0\(1d\)

Trust: 1.0

vendor:ciscomodel:integrated management controller supervisorscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008450 // NVD: CVE-2019-1863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1863
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1863
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1863
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-1707
value: HIGH

Trust: 0.6

VULHUB: VHN-150995
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1863
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150995
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1863
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1863
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-1863
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150995 // JVNDB: JVNDB-2019-008450 // CNNVD: CNNVD-201908-1707 // NVD: CVE-2019-1863 // NVD: CVE-2019-1863

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-150995 // JVNDB: JVNDB-2019-008450 // NVD: CVE-2019-1863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1707

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-1707

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008450

PATCH

title:cisco-sa-20190821-imc-privilegeurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege

Trust: 0.8

title:Cisco Integrated Management Controller Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97301

Trust: 0.6

sources: JVNDB: JVNDB-2019-008450 // CNNVD: CNNVD-201908-1707

EXTERNAL IDS

db:NVDid:CVE-2019-1863

Trust: 2.5

db:JVNDBid:JVNDB-2019-008450

Trust: 0.8

db:CNNVDid:CNNVD-201908-1707

Trust: 0.7

db:AUSCERTid:ESB-2019.3212

Trust: 0.6

db:VULHUBid:VHN-150995

Trust: 0.1

sources: VULHUB: VHN-150995 // JVNDB: JVNDB-2019-008450 // CNNVD: CNNVD-201908-1707 // NVD: CVE-2019-1863

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privilege

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1863

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1863

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-bo

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-cimc-cli-inject

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1896

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-cimc

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1634

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1865

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1864

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1850

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-infodisc

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privescal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-authby

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-cmdinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-imc-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-usercred

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3212/

Trust: 0.6

sources: VULHUB: VHN-150995 // JVNDB: JVNDB-2019-008450 // CNNVD: CNNVD-201908-1707 // NVD: CVE-2019-1863

SOURCES

db:VULHUBid:VHN-150995
db:JVNDBid:JVNDB-2019-008450
db:CNNVDid:CNNVD-201908-1707
db:NVDid:CVE-2019-1863

LAST UPDATE DATE

2024-08-14T13:26:01.309000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-150995date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-008450date:2019-08-30T00:00:00
db:CNNVDid:CNNVD-201908-1707date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1863date:2020-10-16T14:51:00.790

SOURCES RELEASE DATE

db:VULHUBid:VHN-150995date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008450date:2019-08-30T00:00:00
db:CNNVDid:CNNVD-201908-1707date:2019-08-21T00:00:00
db:NVDid:CVE-2019-1863date:2019-08-21T19:15:14.277