Details of VAR-201908-0851

ID

VAR-201908-0851

CVE

CVE-2019-1974

TITLE

plural Cisco Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008603

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. Version 1.3, Version 3.5.0.0 to Version 3.5.0.3, Version 3.6.0.0, Version 3.6.1.0, Version 3.7.0.0 to Version 3.7.2.0

Trust: 1.71

sources: NVD: CVE-2019-1974 // JVNDB: JVNDB-2019-008603 // VULHUB: VHN-152216

AFFECTED PRODUCTS

vendor:	cisco	model:	ucs director	scope:	gte	version:	5.5.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	gte	version:	6.0.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lte	version:	6.0.1.3	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lte	version:	5.5.0.2	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	lte	version:	3.5.0.3	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	eq	version:	3.6.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	2.1.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.7\(2.0\)	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lte	version:	6.5.0.3	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.7\(1.1\)	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	lte	version:	3.7.2.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	gte	version:	6.6.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	gte	version:	2.2.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lte	version:	6.7.2.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	lte	version:	3.0.1.3	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	gte	version:	2.1.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	gte	version:	3.7.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	gte	version:	3.5.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lte	version:	2.2.0.6	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	gte	version:	6.7.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	lte	version:	2.1.0.2	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lte	version:	6.6.1.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	eq	version:	3.6.1.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs director	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs director express for big data	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008603 // NVD: CVE-2019-1974

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1974
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1974
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-1974
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201908-1726
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-152216
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1974
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-152216
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1974
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-152216 // JVNDB: JVNDB-2019-008603 // CNNVD: CNNVD-201908-1726 // NVD: CVE-2019-1974 // NVD: CVE-2019-1974

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-152216 // JVNDB: JVNDB-2019-008603 // NVD: CVE-2019-1974

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1726

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-1726

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008603

PATCH

title:	cisco-sa-20190821-imcs-ucs-authbypass	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass	Trust: 0.8
title:	Cisco Integrated Management Controller Supervisor , Cisco UCS Director and Cisco UCS Director Express for Big Data Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97315	Trust: 0.6

sources: JVNDB: JVNDB-2019-008603 // CNNVD: CNNVD-201908-1726

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1974	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008603	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1726	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3201	Trust: 0.6
db:	VULHUB	id:	VHN-152216	Trust: 0.1

sources: VULHUB: VHN-152216 // JVNDB: JVNDB-2019-008603 // CNNVD: CNNVD-201908-1726 // NVD: CVE-2019-1974

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-authbypass	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1974	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1974	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3201/	Trust: 0.6

sources: VULHUB: VHN-152216 // JVNDB: JVNDB-2019-008603 // CNNVD: CNNVD-201908-1726 // NVD: CVE-2019-1974

CREDITS

an external researcher who wants to remain anonymous.

Trust: 0.6

sources: CNNVD: CNNVD-201908-1726

SOURCES

db:	VULHUB	id:	VHN-152216
db:	JVNDB	id:	JVNDB-2019-008603
db:	CNNVD	id:	CNNVD-201908-1726
db:	NVD	id:	CVE-2019-1974

LAST UPDATE DATE

2024-11-23T23:04:40.294000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-152216	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-008603	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1726	date:	2019-09-02T00:00:00
db:	NVD	id:	CVE-2019-1974	date:	2024-11-21T04:37:48.333

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-152216	date:	2019-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-008603	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1726	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-1974	date:	2019-08-21T19:15:15.607