CVE-2019-1630

Published: Jun 20, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system.

Affected (2)

Products: Cisco: Integrated Management Controller, Unified Computing System

2 products

Integrated Management Controller

Unified Computing System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Integrated Management Controller	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Computing System	Version 4.0(1c)hs3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://www.securityfocus.com/bid/108846

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-frmwr-dos

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/108846

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-frmwr-dos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.