CVE-2019-1628

Published: Jun 20, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. An exploit could allow the attacker to cause a buffer overflow, resulting in a process crash and DoS condition on the device.

Affected (2)

Products: Cisco: Integrated Management Controller, Unified Computing System

2 products

Integrated Management Controller

Unified Computing System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Integrated Management Controller	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Computing System	Version 4.0(1c)hs3

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (4)

http://www.securityfocus.com/bid/108851

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-dos

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/108851

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-dos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.