ID

VAR-201908-1014


CVE

CVE-2019-1907


TITLE

Cisco Integrated Management Controller Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008599

DESCRIPTION

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow an attacker with read-only privileges to gain administrator privileges. Cisco Integrated Management Controller (IMC) contains an authorization vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Cisco UCS C-Series and Cisco UCS S-Series are products of Cisco. The Cisco UCS C-Series is a C-Series rack server. Cisco UCS S-Series is an S-Series rack server. Integrated Management Controller (IMC) Software is a set of software for managing UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server.

Trust: 1.71

sources: NVD: CVE-2019-1907 // JVNDB: JVNDB-2019-008599 // VULHUB: VHN-151479

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system, scope: eq, version: 4.0(1c)hs3

Trust: 1.0

vendor: cisco, model: integrated management controller supervisor, scope: lt, version: 4.0(2f)

Trust: 1.0

vendor: cisco, model: integrated management controller supervisor, scope: lt, version: 4.0(4b)

Trust: 1.0

vendor: cisco, model: integrated management controller supervisor, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008599 // NVD: CVE-2019-1907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1907
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1907
value: HIGH

Trust: 1.0

NVD: CVE-2019-1907
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-1711
value: HIGH

Trust: 0.6

VULHUB: VHN-151479
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1907
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151479
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1907
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1907
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151479 // JVNDB: JVNDB-2019-008599 // CNNVD: CNNVD-201908-1711 // NVD: CVE-2019-1907 // NVD: CVE-2019-1907

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-151479 // JVNDB: JVNDB-2019-008599 // NVD: CVE-2019-1907

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1711

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-1711

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008599

PATCH

title: cisco-sa-20190821-imc-privescal, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal

Trust: 0.8

title: Cisco Integrated Management Controller Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97305

Trust: 0.6

sources: JVNDB: JVNDB-2019-008599 // CNNVD: CNNVD-201908-1711

EXTERNAL IDS

db: NVD, id: CVE-2019-1907

Trust: 2.5

db: JVNDB, id: JVNDB-2019-008599

Trust: 0.8

db: CNNVD, id: CNNVD-201908-1711

Trust: 0.7

db: AUSCERT, id: ESB-2019.3212

Trust: 0.6

db: VULHUB, id: VHN-151479

Trust: 0.1

sources: VULHUB: VHN-151479 // JVNDB: JVNDB-2019-008599 // CNNVD: CNNVD-201908-1711 // NVD: CVE-2019-1907

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privescal

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1907

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1907

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-bo

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-cimc-cli-inject

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1896

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-cimc

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1634

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1865

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1864

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1850

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-infodisc

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privilege

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-authby

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-cmdinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-imc-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-usercred

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3212/

Trust: 0.6

sources: VULHUB: VHN-151479 // JVNDB: JVNDB-2019-008599 // CNNVD: CNNVD-201908-1711 // NVD: CVE-2019-1907

SOURCES

db: VULHUB, id: VHN-151479
db: JVNDB, id: JVNDB-2019-008599
db: CNNVD, id: CNNVD-201908-1711
db: NVD, id: CVE-2019-1907

LAST UPDATE DATE

2024-11-23T21:59:47.950000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151479, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-008599, date: 2019-09-04T00:00:00
db: CNNVD, id: CNNVD-201908-1711, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2019-1907, date: 2024-11-21T04:37:39.700

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151479, date: 2019-08-21T00:00:00
db: JVNDB, id: JVNDB-2019-008599, date: 2019-09-04T00:00:00
db: CNNVD, id: CNNVD-201908-1711, date: 2019-08-21T00:00:00
db: NVD, id: CVE-2019-1907, date: 2019-08-21T19:15:15.170