CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1938

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile36.60th
PublishedAug 21, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Affected Platforms (CPE)

πŸ“¦
Cisco

Ucs Director

= 6.7.0.0
πŸ“¦
Cisco

Ucs Director

= 6.7.1.0
πŸ“¦
Cisco

Ucs Director Express For Big Data

= 3.7.0.0
πŸ“¦
Cisco

Ucs Director Express For Big Data

= 3.7.1.0

References & Advisories

πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass

Related Vulnerabilities

CVE-2018-02389.9

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow...

CVE-2019-19749.8

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Direct...

CVE-2019-19379.8

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Direct...

CVE-2019-19359.8

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for...