cnvd - cnvd-2019-42594

CNVD-2019-42594

Vulnerability from cnvd - Published: 2019-11-28

Title

Cisco Integrated Management Controller Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data身份验证绕过漏洞

Description

Cisco Integrated Management Controller（IMC）是美国思科（Cisco）公司的一套用于对UCS（统一计算系统）进行管理的软件。该软件支持HTTP、SSH访问等，并可对服务器进行开机、关机和重启等操作。 Cisco Integrated Management Controller (IMC) Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data中的Web管理界面存在身份验证绕过漏洞，该漏洞源于在进行身份验证过程中，程序未能充分地验证请求头，远程攻击者可通过发送一系列恶意请求利用该漏洞获取受影响设备的全部管理访问权限。

Severity

高

Patch Name

Cisco Integrated Management Controller Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data身份验证绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass

Reference

https://www.auscert.org.au/bulletins/ESB-2019.3201/

Impacted products

Name
['Cisco Cisco IMC Supervisor 2.1', 'Cisco Cisco IMC Supervisor >=2.2.0.0，<=2.2.0.6', 'Cisco UCS Director 6.6.1.0', 'Cisco UCS Director 6.6.0.0', 'Cisco UCS Director >=5.5.0.0，<=5.5.0.2', 'Cisco UCS Director >=6.0.0.0，<=6.0.1.3', 'Cisco UCS Director >=6.5.0.0，<=6.5.0.3', 'Cisco UCS Director >=6.7.0.0，<=6.7.2.0', 'Cisco UCS Director Express for Big Data >=2.1.0.0，<=2.1.0.2', 'Cisco UCS Director Express for Big Data >=3.0.0.0，<=3.0.1.3', 'Cisco UCS Director Express for Big Data >=3.5.0.0，<=3.5.0.3', 'Cisco UCS Director Express for Big Data 3.6.0.0', 'Cisco UCS Director Express for Big Data 3.6.1.0', 'Cisco UCS Director Express for Big Data >=3.7.0.0，<=3.7.2.0']

Name

['Cisco Cisco IMC Supervisor 2.1', 'Cisco Cisco IMC Supervisor >=2.2.0.0，<=2.2.0.6', 'Cisco UCS Director 6.6.1.0', 'Cisco UCS Director 6.6.0.0', 'Cisco UCS Director >=5.5.0.0，<=5.5.0.2', 'Cisco UCS Director >=6.0.0.0，<=6.0.1.3', 'Cisco UCS Director >=6.5.0.0，<=6.5.0.3', 'Cisco UCS Director >=6.7.0.0，<=6.7.2.0', 'Cisco UCS Director Express for Big Data >=2.1.0.0，<=2.1.0.2', 'Cisco UCS Director Express for Big Data >=3.0.0.0，<=3.0.1.3', 'Cisco UCS Director Express for Big Data >=3.5.0.0，<=3.5.0.3', 'Cisco UCS Director Express for Big Data 3.6.0.0', 'Cisco UCS Director Express for Big Data 3.6.1.0', 'Cisco UCS Director Express for Big Data >=3.7.0.0，<=3.7.2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1974",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1974"
    }
  },
  "description": "Cisco Integrated Management Controller\uff08IMC\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5bf9UCS\uff08\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\uff09\u8fdb\u884c\u7ba1\u7406\u7684\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301HTTP\u3001SSH\u8bbf\u95ee\u7b49\uff0c\u5e76\u53ef\u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u5f00\u673a\u3001\u5173\u673a\u548c\u91cd\u542f\u7b49\u64cd\u4f5c\u3002\n\nCisco Integrated Management Controller (IMC) Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u4e2d\u7684Web\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u5730\u9a8c\u8bc1\u8bf7\u6c42\u5934\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u4e00\u7cfb\u5217\u6076\u610f\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u5168\u90e8\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42594",
  "openTime": "2019-11-28",
  "patchDescription": "Cisco Integrated Management Controller\uff08IMC\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5bf9UCS\uff08\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\uff09\u8fdb\u884c\u7ba1\u7406\u7684\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301HTTP\u3001SSH\u8bbf\u95ee\u7b49\uff0c\u5e76\u53ef\u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u5f00\u673a\u3001\u5173\u673a\u548c\u91cd\u542f\u7b49\u64cd\u4f5c\u3002\r\n\r\nCisco Integrated Management Controller (IMC) Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u4e2d\u7684Web\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u5730\u9a8c\u8bc1\u8bf7\u6c42\u5934\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u4e00\u7cfb\u5217\u6076\u610f\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u5168\u90e8\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Integrated Management Controller Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Cisco IMC Supervisor 2.1",
      "Cisco Cisco IMC Supervisor \u003e=2.2.0.0\uff0c\u003c=2.2.0.6",
      "Cisco UCS Director 6.6.1.0",
      "Cisco UCS Director 6.6.0.0",
      "Cisco UCS Director \u003e=5.5.0.0\uff0c\u003c=5.5.0.2",
      "Cisco UCS Director \u003e=6.0.0.0\uff0c\u003c=6.0.1.3",
      "Cisco UCS Director \u003e=6.5.0.0\uff0c\u003c=6.5.0.3",
      "Cisco UCS Director \u003e=6.7.0.0\uff0c\u003c=6.7.2.0",
      "Cisco UCS Director Express for Big Data \u003e=2.1.0.0\uff0c\u003c=2.1.0.2",
      "Cisco UCS Director Express for Big Data \u003e=3.0.0.0\uff0c\u003c=3.0.1.3",
      "Cisco UCS Director Express for Big Data \u003e=3.5.0.0\uff0c\u003c=3.5.0.3",
      "Cisco UCS Director Express for Big Data 3.6.0.0",
      "Cisco UCS Director Express for Big Data 3.6.1.0",
      "Cisco UCS Director Express for Big Data \u003e=3.7.0.0\uff0c\u003c=3.7.2.0"
    ]
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2019.3201/",
  "serverity": "\u9ad8",
  "submitTime": "2019-08-26",
  "title": "Cisco Integrated Management Controller Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2019-1974 (GCVE-0-2019-1974)

Vulnerability from cvelistv5 – Published: 2019-08-21 18:30 – Updated: 2024-11-19 18:59

Summary

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Computing System Director	Affected: unspecified , < 6.7.3.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:52.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190821 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T17:21:11.254332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T18:59:04.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Computing System Director",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.7.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-21T18:30:19",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190821 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190821-imcs-ucs-authbypass",
        "defect": [
          [
            "CSCvq48630"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-08-21T16:00:00-0700",
          "ID": "CVE-2019-1974",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Computing System Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.7.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190821 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190821-imcs-ucs-authbypass",
          "defect": [
            [
              "CSCvq48630"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1974",
    "datePublished": "2019-08-21T18:30:19.438155Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-19T18:59:04.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-42594

CVE-2019-1974 (GCVE-0-2019-1974)

Tags

Sightings

Nomenclature