Vulnerability Details : CVE-2019-1937
Public exploit exists!
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.
Vulnerability category: BypassGain privilege
Products affected by CVE-2019-1937
- cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_director:6.7\(0.0.67265\):*:*:*:*:*:*:*
- Cisco » Integrated Management Controller SupervisorVersions from including (>=) 2.2.0.3 and up to, including, (<=) 2.2.0.6cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*
- Cisco » Ucs Director Express For Big DataVersions from including (>=) 3.7.0.0 and up to, including, (<=) 3.7.1.0cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1937
40.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-1937
-
Cisco UCS Director Unauthenticated Remote Code Execution
Disclosure Date: 2019-08-21First seen: 2020-04-26exploit/linux/http/cisco_ucs_rceThe Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrato
CVSS scores for CVE-2019-1937
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Cisco Systems, Inc. |
CWE ids for CVE-2019-1937
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2019-1937
-
http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html
Cisco UCS Director Unauthenticated Remote Code Execution ≈ Packet Storm
-
http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html
Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass ≈ Packet Storm
-
http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection ≈ Packet StormExploit;Third Party Advisory
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass VulnerabilityVendor Advisory
-
http://seclists.org/fulldisclosure/2019/Aug/36
Full Disclosure: Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root
-
https://seclists.org/bugtraq/2019/Aug/49
Bugtraq: Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as rootThird Party Advisory
Jump to