← Back

CVE-2019-1938

nvd nist
Published: Aug 21, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Affected (4)

Cisco
2 products
Ucs Director
Ucs Director Express For Big Data
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ucs Director
Version 6.7.0.0
Ucs Director
Version 6.7.1.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ucs Director Express For Big Data
Version 3.7.0.0
Ucs Director Express For Big Data
Version 3.7.1.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.