cvelistv5 - cve-2019-1896

CVE-2019-1896 (GCVE-0-2019-1896)

Vulnerability from cvelistv5 – Published: 2019-08-21 18:20 – Updated: 2024-11-20 17:11

Summary

Severity ?

7.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Computing System E-Series Software (UCSE)	Affected: unspecified , < 3.0(4k) (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:51.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:52:21.918460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T17:11:47.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Computing System E-Series Software (UCSE)",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "3.0(4k)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-21T18:20:28",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190821-imc-cmdinject-1896",
        "defect": [
          [
            "CSCvo36057"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-08-21T16:00:00-0700",
          "ID": "CVE-2019-1896",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Computing System E-Series Software (UCSE)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "3.0(4k)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.2",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190821-imc-cmdinject-1896",
          "defect": [
            [
              "CSCvo36057"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1896",
    "datePublished": "2019-08-21T18:20:28.706884Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-20T17:11:47.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_computing_system:4.0\\\\(1c\\\\)hs3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F8601E-730B-489B-AD2A-FD10FAF28595\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0.0\", \"versionEndExcluding\": \"2.0\\\\(13o\\\\)\", \"matchCriteriaId\": \"416F7C96-3EF0-4B6D-B414-3FC0D0848144\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0.0\", \"versionEndExcluding\": \"3.0\\\\(4k\\\\)\", \"matchCriteriaId\": \"0056011A-04F0-4185-8EE7-B1B30CAAA863\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0.0\", \"versionEndExcluding\": \"4.0\\\\(4b\\\\)\", \"matchCriteriaId\": \"59EE9E78-D09E-4069-BC84-ED42E3EE76F1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"678F3A32-372A-441E-8115-95181FBAF628\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01AE8153-6C23-46AB-BEAA-A6F27FDFEED7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF77273F-73C0-40EB-BB4E-75269D46F074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"757958F5-F58C-4128-B128-D989A56ACA34\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F62D6B73-1AB7-4B93-A92E-275E78DF114C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0E6AAD9-824C-4126-8347-2FF1895E6D33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD31E5A-518C-482F-A926-383ADCC7015E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155D990F-C7DA-48DD-92CC-18542DBBE572\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADD4A429-F168-460B-A964-8F1BD94C6387\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD25964B-08B7-477E-A507-5FE5EE7CD286\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FDC8A69-0914-44C1-8AEA-262E0A285C81\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0.0\", \"versionEndExcluding\": \"4.0\\\\(2f\\\\)\", \"matchCriteriaId\": \"F5549F4C-CF65-4F22-9675-EFAA99964CA0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"678F3A32-372A-441E-8115-95181FBAF628\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01AE8153-6C23-46AB-BEAA-A6F27FDFEED7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF77273F-73C0-40EB-BB4E-75269D46F074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"757958F5-F58C-4128-B128-D989A56ACA34\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F62D6B73-1AB7-4B93-A92E-275E78DF114C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0E6AAD9-824C-4126-8347-2FF1895E6D33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD31E5A-518C-482F-A926-383ADCC7015E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155D990F-C7DA-48DD-92CC-18542DBBE572\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADD4A429-F168-460B-A964-8F1BD94C6387\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD25964B-08B7-477E-A507-5FE5EE7CD286\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FDC8A69-0914-44C1-8AEA-262E0A285C81\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la interfaz de administraci\\u00f3n basada en la web de Cisco Integrated Management Controller (IMC) podr\\u00eda permitir que un atacante remoto autenticado inyecte comandos arbitrarios y obtenga privilegios de root. La vulnerabilidad se debe a una validaci\\u00f3n insuficiente de la entrada proporcionada por el usuario en la funci\\u00f3n de Solicitud de firma de certificado (CSR) de la interfaz de administraci\\u00f3n basada en la web. Un atacante podr\\u00eda aprovechar esta vulnerabilidad al enviar una CSR dise\\u00f1ada en la interfaz de administraci\\u00f3n basada en la web. Una explotaci\\u00f3n exitosa podr\\u00eda permitir que un atacante con privilegios de administrador ejecute comandos arbitrarios en el dispositivo con todos los privilegios de root.\"}]",
      "id": "CVE-2019-1896",
      "lastModified": "2024-11-21T04:37:38.333",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-21T19:15:15.013",
      "references": "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-1896\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2019-08-21T19:15:15.013\",\"lastModified\":\"2024-11-21T04:37:38.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de administraci\u00f3n basada en la web de Cisco Integrated Management Controller (IMC) podr\u00eda permitir que un atacante remoto autenticado inyecte comandos arbitrarios y obtenga privilegios de root. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario en la funci\u00f3n de Solicitud de firma de certificado (CSR) de la interfaz de administraci\u00f3n basada en la web. Un atacante podr\u00eda aprovechar esta vulnerabilidad al enviar una CSR dise\u00f1ada en la interfaz de administraci\u00f3n basada en la web. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante con privilegios de administrador ejecute comandos arbitrarios en el dispositivo con todos los privilegios de root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_computing_system:4.0\\\\(1c\\\\)hs3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F8601E-730B-489B-AD2A-FD10FAF28595\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0.0\",\"versionEndExcluding\":\"2.0\\\\(13o\\\\)\",\"matchCriteriaId\":\"416F7C96-3EF0-4B6D-B414-3FC0D0848144\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.0\\\\(4k\\\\)\",\"matchCriteriaId\":\"0056011A-04F0-4185-8EE7-B1B30CAAA863\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0.0\",\"versionEndExcluding\":\"4.0\\\\(4b\\\\)\",\"matchCriteriaId\":\"59EE9E78-D09E-4069-BC84-ED42E3EE76F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"678F3A32-372A-441E-8115-95181FBAF628\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01AE8153-6C23-46AB-BEAA-A6F27FDFEED7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF77273F-73C0-40EB-BB4E-75269D46F074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"757958F5-F58C-4128-B128-D989A56ACA34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F62D6B73-1AB7-4B93-A92E-275E78DF114C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0E6AAD9-824C-4126-8347-2FF1895E6D33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD31E5A-518C-482F-A926-383ADCC7015E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155D990F-C7DA-48DD-92CC-18542DBBE572\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADD4A429-F168-460B-A964-8F1BD94C6387\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD25964B-08B7-477E-A507-5FE5EE7CD286\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FDC8A69-0914-44C1-8AEA-262E0A285C81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0.0\",\"versionEndExcluding\":\"4.0\\\\(2f\\\\)\",\"matchCriteriaId\":\"F5549F4C-CF65-4F22-9675-EFAA99964CA0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"678F3A32-372A-441E-8115-95181FBAF628\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01AE8153-6C23-46AB-BEAA-A6F27FDFEED7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF77273F-73C0-40EB-BB4E-75269D46F074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"757958F5-F58C-4128-B128-D989A56ACA34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F62D6B73-1AB7-4B93-A92E-275E78DF114C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0E6AAD9-824C-4126-8347-2FF1895E6D33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD31E5A-518C-482F-A926-383ADCC7015E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155D990F-C7DA-48DD-92CC-18542DBBE572\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADD4A429-F168-460B-A964-8F1BD94C6387\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD25964B-08B7-477E-A507-5FE5EE7CD286\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FDC8A69-0914-44C1-8AEA-262E0A285C81\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Cisco Unified Computing System E-Series Software (UCSE)\", \"vendor\": \"Cisco\", \"versions\": [{\"lessThan\": \"3.0(4k)\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2019-08-21T00:00:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"metrics\": [{\"cvssV3_0\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.0\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-78\", \"description\": \"CWE-78\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2019-08-21T18:20:28\", \"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\"}, \"references\": [{\"name\": \"20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"], \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\"}], \"source\": {\"advisory\": \"cisco-sa-20190821-imc-cmdinject-1896\", \"defect\": [[\"CSCvo36057\"]], \"discovery\": \"INTERNAL\"}, \"title\": \"Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2019-08-21T16:00:00-0700\", \"ID\": \"CVE-2019-1896\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Cisco Unified Computing System E-Series Software (UCSE)\", \"version\": {\"version_data\": [{\"affected\": \"\u003c\", \"version_affected\": \"\u003c\", \"version_value\": \"3.0(4k)\"}]}}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.\"}]}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"impact\": {\"cvss\": {\"baseScore\": \"7.2\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.0\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-78\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability\", \"refsource\": \"CISCO\", \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\"}]}, \"source\": {\"advisory\": \"cisco-sa-20190821-imc-cmdinject-1896\", \"defect\": [[\"CSCvo36057\"]], \"discovery\": \"INTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T18:35:51.570Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"], \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-1896\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-20T16:52:21.918460Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-20T16:54:06.788Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"assignerShortName\": \"cisco\", \"cveId\": \"CVE-2019-1896\", \"datePublished\": \"2019-08-21T18:20:28.706884Z\", \"dateReserved\": \"2018-12-06T00:00:00\", \"dateUpdated\": \"2024-11-20T17:11:47.410Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-CH4G-7FMW-MR53

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2023-03-31 18:30

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-1896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-21T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.",
  "id": "GHSA-ch4g-7fmw-mr53",
  "modified": "2023-03-31T18:30:22Z",
  "published": "2022-05-24T16:54:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1896"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CISCO-SA-20190821-IMC-CMDINJECT-1896

Vulnerability from csaf_cisco - Published: 2019-08-21 16:00 - Updated: 2020-08-26 14:48

Summary

Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability

Notes

Summary

Vulnerable Products

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IMC Software: UCS C-Series and S-Series Servers in standalone mode UCS E-Series Servers 5000 Series Enterprise Network Compute System (ENCS) Platforms For information about affected software releases, consult the Fixed Software ["#fs"] section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco FI-Attached servers that are managed by UCS Manager: UCS B-Series Servers UCS C-Series Servers UCS S-Series Servers

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco UCS C-Series and S-Series Servers Customers are advised to upgrade to the appropriate Cisco UCS C-Series and S-Series software release as indicated in the following table: Cisco IMC Software Release First Fixed Release 1.4 Not vulnerable 1.5 Not vulnerable 2.0 2.0(13o) 3.0 3.0(4k) 4.0 4.0(2f), 4.0(4b) Customers can download Cisco IMC Software from the Software Center ["https://software.cisco.com/download/home"] on Cisco.com by doing the following: Click Browse all. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount Standalone Server Software. In the right pane, choose the appropriate Cisco UCS C-Series platform. On the Select a Software Type page, click Unified Computing System (UCS) Server Firmware. Access releases by using the left pane of the page. Cisco UCS E-Series Servers Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for Cisco UCS E-Series Servers. Customers can download the software from the Software Center ["https://software.cisco.com/download/home"] on Cisco.com by doing the following: Click Browse all. Navigate to Servers - Unified Computing > UCS E-Series Software. In the right pane, choose the appropriate Cisco UCS E-Series platform. On the Select a Software Type page, click Unified Computing System (UCS) Server Firmware. Access releases by using the left pane of the page. Cisco 5000 Series Enterprise Network Compute System Platforms Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for Cisco 5000 Series ENCS Platforms. Customers can download the software from the Software Center ["https://software.cisco.com/download/home"] on Cisco.com by doing the following: Click Browse all. Navigate to Routers > Network Functions Virtualization > 5000 Series Enterprise Network Compute System. In the right pane, choose the appropriate ENCS platform. On the Select a Software Type page, click ENCS Software. Access releases by using the left pane of the page.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found by M.S. of Cisco during internal security testing.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found by M.S. of Cisco during internal security testing."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IMC Software:\r\n\r\nUCS C-Series and S-Series Servers in standalone mode\r\nUCS E-Series Servers\r\n5000 Series Enterprise Network Compute System (ENCS) Platforms\r\n\r\nFor information about affected software releases, consult the Fixed Software [\"#fs\"] section of this advisory.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco  FI-Attached servers that are managed by UCS Manager:\r\n\r\nUCS B-Series Servers\r\nUCS C-Series Servers\r\nUCS S-Series Servers",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:\r\nhttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nCisco UCS C-Series and S-Series Servers\r\n\r\nCustomers are advised to upgrade to the appropriate Cisco UCS C-Series and S-Series software release as indicated in the following table:\r\n        Cisco IMC Software Release  First Fixed Release          1.4  Not vulnerable      1.5  Not vulnerable      2.0  2.0(13o)      3.0  3.0(4k)      4.0  4.0(2f), 4.0(4b)\r\nCustomers can download Cisco IMC Software from the Software Center [\"https://software.cisco.com/download/home\"] on Cisco.com by doing the following:\r\n\r\nClick Browse all.\r\nNavigate to Servers - Unified Computing \u003e UCS C-Series Rack-Mount Standalone Server Software.\r\nIn the right pane, choose the appropriate Cisco UCS C-Series platform.\r\nOn the Select a Software Type page, click Unified Computing System (UCS) Server Firmware.\r\nAccess releases by using the left pane of the page.\r\n\r\nCisco UCS E-Series Servers\r\n\r\nCisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for Cisco UCS E-Series Servers.\r\n\r\nCustomers can download the software from the Software Center [\"https://software.cisco.com/download/home\"] on Cisco.com by doing the following:\r\n\r\nClick Browse all.\r\nNavigate to Servers - Unified Computing \u003e UCS E-Series Software.\r\nIn the right pane, choose the appropriate Cisco UCS E-Series platform.\r\nOn the Select a Software Type page, click Unified Computing System (UCS) Server Firmware.\r\nAccess releases by using the left pane of the page.\r\n\r\nCisco 5000 Series Enterprise Network Compute System Platforms\r\n\r\nCisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for Cisco 5000 Series ENCS Platforms.\r\n\r\nCustomers can download the software from the Software Center [\"https://software.cisco.com/download/home\"] on Cisco.com by doing the following:\r\n\r\nClick Browse all.\r\nNavigate to Routers \u003e Network Functions Virtualization \u003e 5000 Series Enterprise Network Compute System.\r\nIn the right pane, choose the appropriate ENCS platform.\r\nOn the Select a Software Type page, click ENCS Software.\r\nAccess releases by using the left pane of the page.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found by M.S. of Cisco during internal security testing.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Security Advisories and Alerts page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "Software Center",
        "url": "https://software.cisco.com/download/home"
      }
    ],
    "title": "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
    "tracking": {
      "current_release_date": "2020-08-26T14:48:23+00:00",
      "generator": {
        "date": "2024-05-10T22:48:31+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-20190821-imc-cmdinject-1896",
      "initial_release_date": "2019-08-21T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2019-08-21T14:59:19+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2020-08-26T14:48:23+00:00",
          "number": "1.1.0",
          "summary": "Updated to acknowledge the submitter of this vulnerability."
        }
      ],
      "status": "final",
      "version": "1.1.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Unified Computing System (Standalone)",
            "product": {
              "name": "Cisco Unified Computing System (Standalone) ",
              "product_id": "CSAFPID-191638"
            }
          },
          {
            "category": "product_family",
            "name": "Cisco Unified Computing System E-Series Software (UCSE)",
            "product": {
              "name": "Cisco Unified Computing System E-Series Software (UCSE) ",
              "product_id": "CSAFPID-201970"
            }
          },
          {
            "category": "product_family",
            "name": "Cisco Unified Computing System (Management Software)",
            "product": {
              "name": "Cisco Unified Computing System (Management Software) ",
              "product_id": "CSAFPID-203512"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-1896",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCvo36057"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-191638",
          "CSAFPID-201970",
          "CSAFPID-203512"
        ]
      },
      "release_date": "2019-08-21T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-191638",
            "CSAFPID-201970",
            "CSAFPID-203512"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-191638",
            "CSAFPID-201970",
            "CSAFPID-203512"
          ]
        }
      ],
      "title": "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability"
    }
  ]
}

GSD-2019-1896

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-1896

Aliases

CVE-2019-1896

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-1896",
    "description": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.",
    "id": "GSD-2019-1896"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-1896"
      ],
      "details": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.",
      "id": "GSD-2019-1896",
      "modified": "2023-12-13T01:23:51.177952Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-08-21T16:00:00-0700",
        "ID": "CVE-2019-1896",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Unified Computing System E-Series Software (UCSE) ",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "3.0(4k)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "7.2",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20190821-imc-cmdinject-1896",
        "defect": [
          [
            "CSCvo36057"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0\\(13o\\)",
                    "versionStartIncluding": "2.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.0\\(4k\\)",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0\\(4b\\)",
                    "versionStartIncluding": "4.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0\\(2f\\)",
                    "versionStartIncluding": "4.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2019-1896"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-31T15:57Z",
      "publishedDate": "2019-08-21T19:15Z"
    }
  }
}

CERTFR-2019-AVI-410

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IMC versions 2.0(x) antérieures à 2.0(13o) sur UCS séries C et S
Cisco	N/A	Cisco IMC versions 4.0(x) antérieures à 4.0(1d), 4.0(2c), 4.0(2f) et 4.0(4b) sur UCS séries C et S
Cisco	N/A	Cisco IMC versions 1.5(x) antérieures à 1.5(9g) sur UCS séries C et S
Cisco	N/A	Cisco UCS Director versions 6.5 et 6.6
Cisco	N/A	Cisco Integrated Management Controller Supervisor versions antérieures à 2.2.1.0
Cisco	N/A	Cisco UCS Director Express for Big Data versions antérieures à 3.7.3.0
Cisco	N/A	Cisco UCS Director versions antérieures à 6.7.3.0
Cisco	N/A	Cisco IMC versions 3.0(x) antérieures à 3.0(4k) sur UCS séries C et S

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinj-1864 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-infodisc du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinject-1896 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-dos du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinject-1634 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-privescal du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-usercred du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-ucsd-authbypass du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-ucs-authby du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-ucs-cmdinj du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-cimc-cli-inject du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-ucs-authbypass du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-ucs-imc-dos du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-bo du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-ucs-cimc du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-privilege du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinj-1850 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinj-1865 du 21 août 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IMC versions 2.0(x) ant\u00e9rieures \u00e0 2.0(13o) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 4.0(x) ant\u00e9rieures \u00e0 4.0(1d), 4.0(2c), 4.0(2f) et 4.0(4b) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 1.5(x) ant\u00e9rieures \u00e0 1.5(9g) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director versions 6.5 et 6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Management Controller Supervisor versions ant\u00e9rieures \u00e0 2.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director Express for Big Data versions ant\u00e9rieures \u00e0 3.7.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director versions ant\u00e9rieures \u00e0 6.7.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 3.0(x) ant\u00e9rieures \u00e0 3.0(4k) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1634"
    },
    {
      "name": "CVE-2019-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1900"
    },
    {
      "name": "CVE-2019-1908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1908"
    },
    {
      "name": "CVE-2019-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1865"
    },
    {
      "name": "CVE-2019-12634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12634"
    },
    {
      "name": "CVE-2019-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1974"
    },
    {
      "name": "CVE-2019-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1883"
    },
    {
      "name": "CVE-2019-1896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1896"
    },
    {
      "name": "CVE-2019-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1938"
    },
    {
      "name": "CVE-2019-1937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1937"
    },
    {
      "name": "CVE-2019-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1936"
    },
    {
      "name": "CVE-2019-1935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1935"
    },
    {
      "name": "CVE-2019-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1850"
    },
    {
      "name": "CVE-2019-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1863"
    },
    {
      "name": "CVE-2019-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1864"
    },
    {
      "name": "CVE-2019-1871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1871"
    },
    {
      "name": "CVE-2019-1885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1885"
    },
    {
      "name": "CVE-2019-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1907"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-410",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinj-1864 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-infodisc du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinject-1896 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-dos du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinject-1634 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-privescal du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-usercred du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-ucsd-authbypass du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-ucs-authby du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-ucs-cmdinj du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-cimc-cli-inject du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-ucs-authbypass du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-ucs-imc-dos du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-bo du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-ucs-cimc du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-privilege du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinj-1850 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinj-1865 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865"
    }
  ]
}

CERTFR-2019-AVI-410

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IMC versions 2.0(x) antérieures à 2.0(13o) sur UCS séries C et S
Cisco	N/A	Cisco IMC versions 4.0(x) antérieures à 4.0(1d), 4.0(2c), 4.0(2f) et 4.0(4b) sur UCS séries C et S
Cisco	N/A	Cisco IMC versions 1.5(x) antérieures à 1.5(9g) sur UCS séries C et S
Cisco	N/A	Cisco UCS Director versions 6.5 et 6.6
Cisco	N/A	Cisco Integrated Management Controller Supervisor versions antérieures à 2.2.1.0
Cisco	N/A	Cisco UCS Director Express for Big Data versions antérieures à 3.7.3.0
Cisco	N/A	Cisco UCS Director versions antérieures à 6.7.3.0
Cisco	N/A	Cisco IMC versions 3.0(x) antérieures à 3.0(4k) sur UCS séries C et S

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinj-1864 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-infodisc du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinject-1896 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-dos du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinject-1634 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-privescal du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-usercred du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-ucsd-authbypass du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-ucs-authby du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-ucs-cmdinj du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-cimc-cli-inject du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imcs-ucs-authbypass du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-ucs-imc-dos du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-bo du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-ucs-cimc du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-privilege du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinj-1850 du 21 août 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190821-imc-cmdinj-1865 du 21 août 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IMC versions 2.0(x) ant\u00e9rieures \u00e0 2.0(13o) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 4.0(x) ant\u00e9rieures \u00e0 4.0(1d), 4.0(2c), 4.0(2f) et 4.0(4b) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 1.5(x) ant\u00e9rieures \u00e0 1.5(9g) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director versions 6.5 et 6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Management Controller Supervisor versions ant\u00e9rieures \u00e0 2.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director Express for Big Data versions ant\u00e9rieures \u00e0 3.7.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director versions ant\u00e9rieures \u00e0 6.7.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 3.0(x) ant\u00e9rieures \u00e0 3.0(4k) sur UCS s\u00e9ries C et S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1634"
    },
    {
      "name": "CVE-2019-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1900"
    },
    {
      "name": "CVE-2019-1908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1908"
    },
    {
      "name": "CVE-2019-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1865"
    },
    {
      "name": "CVE-2019-12634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12634"
    },
    {
      "name": "CVE-2019-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1974"
    },
    {
      "name": "CVE-2019-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1883"
    },
    {
      "name": "CVE-2019-1896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1896"
    },
    {
      "name": "CVE-2019-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1938"
    },
    {
      "name": "CVE-2019-1937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1937"
    },
    {
      "name": "CVE-2019-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1936"
    },
    {
      "name": "CVE-2019-1935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1935"
    },
    {
      "name": "CVE-2019-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1850"
    },
    {
      "name": "CVE-2019-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1863"
    },
    {
      "name": "CVE-2019-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1864"
    },
    {
      "name": "CVE-2019-1871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1871"
    },
    {
      "name": "CVE-2019-1885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1885"
    },
    {
      "name": "CVE-2019-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1907"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-410",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinj-1864 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-infodisc du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinject-1896 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-dos du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinject-1634 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-privescal du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-usercred du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-ucsd-authbypass du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-ucs-authby du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-ucs-cmdinj du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-cimc-cli-inject du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imcs-ucs-authbypass du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-ucs-imc-dos du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-bo du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-ucs-cimc du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-privilege du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinj-1850 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190821-imc-cmdinj-1865 du 21 ao\u00fbt 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865"
    }
  ]
}

VAR-201908-1011

Vulnerability from variot - Updated: 2023-12-18 12:17

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges. Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series Servers (in single mode); UCS S-Series Servers (in single mode); UCS E-Series Servers; 5000 Series Enterprise Network Compute System (ENCS) Platforms

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1011",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "integrated management controller supervisor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0.0"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0\\(4k\\)"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.0.0"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(13o\\)"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0\\(1c\\)hs3"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0\\(2f\\)"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0\\(4b\\)"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.0.0"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0\\(13o\\)",
                    "versionStartIncluding": "2.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.0\\(4k\\)",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0\\(4b\\)",
                    "versionStartIncluding": "4.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0\\(2f\\)",
                    "versionStartIncluding": "4.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      }
    ]
  },
  "cve": "CVE-2019-1896",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-1896",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-151358",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-1896",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-1896",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2019-1896",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1703",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-151358",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges. Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series Servers (in single mode); UCS S-Series Servers (in single mode); UCS E-Series Servers; 5000 Series Enterprise Network Compute System (ENCS) Platforms",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1896",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3212",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-151358",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "id": "VAR-201908-1011",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:17:48.353000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20190821-imc-cmdinject-1896",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1896"
      },
      {
        "title": "Cisco Integrated Management Controller Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97298"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1896"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1896"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1896"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-bo"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-cimc-cli-inject"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-cimc"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinject-1634"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1865"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1864"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-cmdinj-1850"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-infodisc"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privilege"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-privescal"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-authby"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-ucs-cmdinj"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-ucs-imc-dos"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imcs-usercred"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-imc-dos"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3212/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "date": "2019-08-21T19:15:15.013000",
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "date": "2019-08-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151358"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      },
      {
        "date": "2023-03-31T15:57:37.183000",
        "db": "NVD",
        "id": "CVE-2019-1896"
      },
      {
        "date": "2019-09-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Integrated Management Controller In  OS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008616"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1703"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-1896

Vulnerability from fkie_nvd - Published: 2019-08-21 19:15 - Updated: 2024-11-21 04:37

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_computing_system	4.0\(1c\)hs3
cisco	integrated_management_controller_supervisor	*
cisco	integrated_management_controller_supervisor	*
cisco	integrated_management_controller_supervisor	*
cisco	encs_5100	-
cisco	encs_5400	-
cisco	ucs-e1120d-m3	-
cisco	ucs-e140s-m2	-
cisco	ucs-e160d-m2	-
cisco	ucs-e160s-m3	-
cisco	ucs-e168d-m2	-
cisco	ucs-e180d-m3	-
cisco	ucs_c125_m5	-
cisco	ucs_c4200	-
cisco	ucs_s3260	-
cisco	integrated_management_controller_supervisor	*
cisco	encs_5100	-
cisco	encs_5400	-
cisco	ucs-e1120d-m3	-
cisco	ucs-e140s-m2	-
cisco	ucs-e160d-m2	-
cisco	ucs-e160s-m3	-
cisco	ucs-e168d-m2	-
cisco	ucs-e180d-m3	-
cisco	ucs_c125_m5	-
cisco	ucs_c4200	-
cisco	ucs_s3260	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F8601E-730B-489B-AD2A-FD10FAF28595",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "416F7C96-3EF0-4B6D-B414-3FC0D0848144",
              "versionEndExcluding": "2.0\\(13o\\)",
              "versionStartIncluding": "2.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0056011A-04F0-4185-8EE7-B1B30CAAA863",
              "versionEndExcluding": "3.0\\(4k\\)",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EE9E78-D09E-4069-BC84-ED42E3EE76F1",
              "versionEndExcluding": "4.0\\(4b\\)",
              "versionStartIncluding": "4.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5549F4C-CF65-4F22-9675-EFAA99964CA0",
              "versionEndExcluding": "4.0\\(2f\\)",
              "versionStartIncluding": "4.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD31E5A-518C-482F-A926-383ADCC7015E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en la web de Cisco Integrated Management Controller (IMC) podr\u00eda permitir que un atacante remoto autenticado inyecte comandos arbitrarios y obtenga privilegios de root. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario en la funci\u00f3n de Solicitud de firma de certificado (CSR) de la interfaz de administraci\u00f3n basada en la web. Un atacante podr\u00eda aprovechar esta vulnerabilidad al enviar una CSR dise\u00f1ada en la interfaz de administraci\u00f3n basada en la web. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante con privilegios de administrador ejecute comandos arbitrarios en el dispositivo con todos los privilegios de root."
    }
  ],
  "id": "CVE-2019-1896",
  "lastModified": "2024-11-21T04:37:38.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-21T19:15:15.013",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-28402

Vulnerability from cnvd - Published: 2019-08-22

Title

Cisco Integrated Management Controller命令注入漏洞（CNVD-2019-28402）

Description

Cisco Integrated Management Controller (IMC)是一个为Cisco UCS? C系列机架式服务器和Cisco S系列存储服务器提供嵌入式服务器管理的基板管理控制器。 Cisco Integrated Management Controller (IMC)的基于Web的管理界面存在命令注入漏洞，具有管理员权限的远程认证攻击者可通过在基于Web的管理界面中提交特制CSR利用该漏洞以完全的root权限在设备上执行任意命令。

Severity

中

Patch Name

Cisco Integrated Management Controller命令注入漏洞（CNVD-2019-28402）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896

Impacted products

Name
Cisco Integrated Management Controller

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1896",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1896"
    }
  },
  "description": "Cisco Integrated Management Controller (IMC)\u662f\u4e00\u4e2a\u4e3aCisco UCS? C\u7cfb\u5217\u673a\u67b6\u5f0f\u670d\u52a1\u5668\u548cCisco S\u7cfb\u5217\u5b58\u50a8\u670d\u52a1\u5668\u63d0\u4f9b\u5d4c\u5165\u5f0f\u670d\u52a1\u5668\u7ba1\u7406\u7684\u57fa\u677f\u7ba1\u7406\u63a7\u5236\u5668\u3002\n\nCisco Integrated Management Controller (IMC)\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u7684\u8fdc\u7a0b\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u4e2d\u63d0\u4ea4\u7279\u5236CSR\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u5b8c\u5168\u7684root\u6743\u9650\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-28402",
  "openTime": "2019-08-22",
  "patchDescription": "Cisco Integrated Management Controller (IMC)\u662f\u4e00\u4e2a\u4e3aCisco UCS? C\u7cfb\u5217\u673a\u67b6\u5f0f\u670d\u52a1\u5668\u548cCisco S\u7cfb\u5217\u5b58\u50a8\u670d\u52a1\u5668\u63d0\u4f9b\u5d4c\u5165\u5f0f\u670d\u52a1\u5668\u7ba1\u7406\u7684\u57fa\u677f\u7ba1\u7406\u63a7\u5236\u5668\u3002\r\n\r\nCisco Integrated Management Controller (IMC)\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u7684\u8fdc\u7a0b\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u4e2d\u63d0\u4ea4\u7279\u5236CSR\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u5b8c\u5168\u7684root\u6743\u9650\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Integrated Management Controller\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2019-28402\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Integrated Management Controller"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-22",
  "title": "Cisco Integrated Management Controller\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2019-28402\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-1896 (GCVE-0-2019-1896)

Solution

Solution

Tags

Sightings

Nomenclature