Details of VAR-201908-1015

ID

VAR-201908-1015

CVE

CVE-2019-1908

TITLE

Cisco Integrated Management Controller Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008600

DESCRIPTION

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server

Trust: 1.71

sources: NVD: CVE-2019-1908 // JVNDB: JVNDB-2019-008600 // VULHUB: VHN-151490

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	4.0\(1c\)hs3	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	2.0\(13o\)	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	3.0\(4k\)	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	gte	version:	4.0.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	4.0\(2f\)	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	gte	version:	2.0.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	4.0\(4b\)	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008600 // NVD: CVE-2019-1908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1908
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1908
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1908
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-1710
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151490
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1908
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151490
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1908
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1908
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-151490 // JVNDB: JVNDB-2019-008600 // CNNVD: CNNVD-201908-1710 // NVD: CVE-2019-1908 // NVD: CVE-2019-1908

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-151490 // JVNDB: JVNDB-2019-008600 // NVD: CVE-2019-1908

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1710

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1710

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008600

PATCH

title:	cisco-sa-20190821-imc-infodisc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc	Trust: 0.8
title:	Cisco Integrated Management Controller Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97304	Trust: 0.6

sources: JVNDB: JVNDB-2019-008600 // CNNVD: CNNVD-201908-1710

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1908	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008600	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1710	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3212	Trust: 0.6
db:	VULHUB	id:	VHN-151490	Trust: 0.1

sources: VULHUB: VHN-151490 // JVNDB: JVNDB-2019-008600 // CNNVD: CNNVD-201908-1710 // NVD: CVE-2019-1908

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-infodisc	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1908	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1908	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-bo	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-cimc-cli-inject	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1896	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-cimc	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1634	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1865	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1864	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1850	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privilege	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privescal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-authby	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-cmdinj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-imc-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-usercred	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-dos	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3212/	Trust: 0.6

sources: VULHUB: VHN-151490 // JVNDB: JVNDB-2019-008600 // CNNVD: CNNVD-201908-1710 // NVD: CVE-2019-1908

SOURCES

db:	VULHUB	id:	VHN-151490
db:	JVNDB	id:	JVNDB-2019-008600
db:	CNNVD	id:	CNNVD-201908-1710
db:	NVD	id:	CVE-2019-1908

LAST UPDATE DATE

2024-11-23T21:59:48.523000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151490	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-008600	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1710	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-1908	date:	2024-11-21T04:37:39.833

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151490	date:	2019-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-008600	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1710	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-1908	date:	2019-08-21T19:15:15.230