Vulnerabilites related to cisco - integrated_management_controller_supervisor
Vulnerability from fkie_nvd
Published
2017-04-20 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/97929 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97929 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | 3.0\(1c\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\):*:*:*:*:*:*:*", matchCriteriaId: "674BE7E5-FC1C-4083-B4D3-8C816239D0CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.", }, { lang: "es", value: "Una vulnerabilidad en la funcionalidad de administración de identificación de sesión de la GUI basada en web de Cisco Integrated Management Controller (IMC) 3.0 (1c) podría permitir a un atacante remoto no autenticado secuestrar una sesión de usuario válida en un sistema afectado. La vulnerabilidad existe porque el software afectado no asigna un nuevo identificador de sesión a una sesión de usuario cuando un usuario se autentica en la GUI basada en web. Un atacante podría explotar esta vulnerabilidad usando un identificador de sesión secuestrado para conectarse al software a través de la GUI basada en web. Una explotación exitosa podría permitir al atacante secuestrar la sesión del navegador de un usuario autenticado en el sistema afectado. Cisco Bug IDs: CSCvd14583.", }, ], id: "CVE-2017-6617", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-20T22:59:00.823", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97929", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/104444 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1041072 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104444 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041072 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | 2.1\(0.2\) | |
| cisco | integrated_management_controller_supervisor | 2.2\(0.2\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1\\(0.2\\):*:*:*:*:*:*:*", matchCriteriaId: "3FDBA512-E254-402C-A91E-4D622E472166", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.2\\(0.2\\):*:*:*:*:*:*:*", matchCriteriaId: "859765F4-6B32-46BC-AC07-E842DD55AD11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de gestión web de Cisco Integrated Management Controller Supervisor Software y Cisco UCS Director Software podría permitir que un atacante remoto autenticado lleve a cabo un ataque Document Object Model (DOM) Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validación insuficiente de entrada de datos de parte del usuario en la interfaz de gestión web del software afectado. Un atacante podría explotar esta vulnerabilidad haciendo que un usuario de la aplicación afectada haga clic en un enlace malicioso. Su explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o que pueda acceder a información sensible del navegador en el sistema afectado. Cisco Bug IDs: CSCvh12994.", }, ], id: "CVE-2018-0149", lastModified: "2024-11-21T03:37:36.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-07T21:29:00.307", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104444", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041072", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:36
Severity ?
Summary
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "AD570463-F539-47E7-B455-9376BD3EE99D", versionEndExcluding: "1.5\\(9g\\)", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "416F7C96-3EF0-4B6D-B414-3FC0D0848144", versionEndExcluding: "2.0\\(13o\\)", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.", }, { lang: "es", value: "Una vulnerabilidad en la Interfaz de administración de plataforma inteligente (IPMI) de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios de raíz en el sistema operativo (SO) subyacente. La vulnerabilidad se debe a una validación de entrada insuficiente de los comandos proporcionados por el usuario. Un atacante que tenga privilegios de administrador y acceso a la red donde reside el IPMI podría aprovechar esta vulnerabilidad al enviar una entrada diseñada a los comandos afectados. Una explotación exitosa podría permitir al atacante obtener privilegios de root en el dispositivo afectado.", }, ], id: "CVE-2019-1634", lastModified: "2024-11-21T04:36:58.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.043", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-10 10:15
Modified
2025-04-03 20:53
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
Impacted products
{ cisaActionDue: "2021-12-24", cisaExploitAdd: "2021-12-10", cisaRequiredAction: "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.", cisaVulnerabilityName: "Apache Log4j2 Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD64FC36-CC7B-4FD7-9845-7EA1DDB0E627", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "CF99FE8F-40D0-48A8-9A40-43119B259535", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0012304-B1C8-460A-B891-42EBF96504F5", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "F3F61BCB-64FA-463C-8B95-8868995EDBC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B02BCF56-D9D3-4BF3-85A2-D445E997F5EC", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "B5A189B7-DDBF-4B84-997F-637CEC5FF12B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A2DB5BA-1065-467A-8FB6-81B5EC29DC0C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "035AFD6F-E560-43C8-A283-8D80DAA33025", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "809EB87E-561A-4DE5-9FF3-BBEE0FA3706E", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "4594FF76-A1F8-4457-AE90-07D051CD0DCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "03FA5E81-F9C0-403E-8A4B-E4284E4E7B72", versionEndExcluding: "2.3.1", versionStartIncluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "AED3D5EC-DAD5-4E5F-8BBD-B4E3349D84FC", versionEndExcluding: "2.12.2", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "D31D423D-FC4D-428A-B863-55AF472B80DC", versionEndExcluding: "2.15.0", versionStartIncluding: "2.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", matchCriteriaId: "17854E42-7063-4A55-BF2A-4C7074CC2D60", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", matchCriteriaId: "53F32FB2-6970-4975-8BD0-EAE12E9AD03A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B773ED91-1D39-42E6-9C52-D02210DE1A94", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EF24312D-1A62-482E-8078-7EC24758B710", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E8320869-CBF4-4C92-885C-560C09855BFA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*", matchCriteriaId: "755BA221-33DD-40A2-A517-8574D042C261", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:capital:*:*:*:*:*:*:*:*", matchCriteriaId: "9AAF12D5-7961-4344-B0CC-BE1C673BFE1F", versionEndExcluding: "2019.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:capital:2019.1:-:*:*:*:*:*:*", matchCriteriaId: "19CB7B44-1877-4739-AECB-3E995ED03FC9", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:capital:2019.1:sp1912:*:*:*:*:*:*", matchCriteriaId: "A883D9C2-F2A4-459F-8000-EE288DC0DD17", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD4AC6F-B8D3-4588-B3BD-55C9BAF4AAAC", versionEndExcluding: "10.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFD64AC-0826-48FB-91B0-B8DF5ECC8775", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*", matchCriteriaId: "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*", matchCriteriaId: "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*", matchCriteriaId: "A76AA04A-BB43-4027-895E-D1EACFCDF41B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*", matchCriteriaId: "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*", matchCriteriaId: "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*", matchCriteriaId: "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*", matchCriteriaId: "B678380B-E95E-4A8B-A49D-D13B62AA454E", versionEndExcluding: "2021-12-13", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*", matchCriteriaId: "4557476B-0157-44C2-BB50-299E7C7E1E72", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*", matchCriteriaId: "991B2959-5AA3-4B68-A05A-42D9860FAA9D", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*", matchCriteriaId: "7E5948A0-CA31-41DF-85B6-1E6D09E5720B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*", matchCriteriaId: "4C08D302-EEAC-45AA-9943-3A5F09E29FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D53BA68C-B653-4507-9A2F-177CF456960F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip_prepay:*:*:*:*:*:*:*:*", matchCriteriaId: "536C7527-27E6-41C9-8ED8-564DD0DC4EA0", versionEndExcluding: "3.8.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0E180527-5C36-4158-B017-5BEDC0412FD6", versionEndExcluding: "8.6.2j-398", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*", matchCriteriaId: "AFDADA98-1CD0-45DA-9082-BFC383F7DB97", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E33D707F-100E-4DE7-A05B-42467DE75EAC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1", versionEndExcluding: "2021-12-13", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC8AB52-F4F4-440D-84F5-2776BFE1957A", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*", matchCriteriaId: "25FADB1B-988D-4DB9-9138-7542AFDEB672", versionEndExcluding: "2021-12-16", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*", matchCriteriaId: "48C6A61B-2198-4B9E-8BCF-824643C81EC3", versionEndExcluding: "2021-12-13", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", matchCriteriaId: "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", matchCriteriaId: "C07AFA19-21AE-4C7E-AA95-69599834C0EC", versionEndExcluding: "3.5", versionStartIncluding: "3.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", matchCriteriaId: "74D1F4AD-9A60-4432-864F-4505B3C60659", versionEndIncluding: "1.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*", matchCriteriaId: "7ABA5332-8D1E-4129-A557-FCECBAC12827", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*", matchCriteriaId: "9C3AA865-5570-4C8B-99DE-431AD7B163F1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siguard_dsa:*:*:*:*:*:*:*:*", matchCriteriaId: "9A4B950B-4527-491B-B111-046DB1CCC037", versionEndExcluding: "4.4.1", versionStartIncluding: "4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*", matchCriteriaId: "2FC0A575-F771-4B44-A0C6-6A5FD98E5134", versionEndIncluding: "4.16.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "6D1D6B61-1F17-4008-9DFB-EF419777768E", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*", matchCriteriaId: "F30DE588-9479-46AA-8346-EA433EE83A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*", matchCriteriaId: "4941EAD6-8759-4C72-ABA6-259C0E838216", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*", matchCriteriaId: "0762031C-DFF1-4962-AE05-0778B27324B9", versionEndExcluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*", matchCriteriaId: "96271088-1D1B-4378-8ABF-11DAB3BB4DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*", matchCriteriaId: "2595AD24-2DF2-4080-B780-BC03F810B9A9", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*", matchCriteriaId: "88096F08-F261-4E3E-9EEB-2AB0225CD6F3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*", matchCriteriaId: "044994F7-8127-4F03-AA1A-B2AB41D68AF5", versionEndExcluding: "4.70", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*", matchCriteriaId: "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*", matchCriteriaId: "17B7C211-6339-4AF2-9564-94C7DE52EEB7", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*", matchCriteriaId: "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*", matchCriteriaId: "12F81F6B-E455-4367-ADA4-8A5EC7F4754A", versionEndExcluding: "2.30", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*", matchCriteriaId: "A5EF509E-3799-4718-B361-EFCBA17AEEF3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*", matchCriteriaId: "8CA31645-29FC-4432-9BFC-C98A808DB8CF", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*", matchCriteriaId: "BB424991-0B18-4FFC-965F-FCF4275F56C5", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", matchCriteriaId: "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*", matchCriteriaId: "72D238AB-4A1F-458D-897E-2C93DCD7BA6C", versionEndExcluding: "2019.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*", matchCriteriaId: "9778339A-EA93-4D18-9A03-4EB4CBD25459", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*", matchCriteriaId: "1747F127-AB45-4325-B9A1-F3D12E69FFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*", matchCriteriaId: "18BBEF7C-F686-4129-8EE9-0F285CE38845", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2020.1:-:*:*:*:*:*:*", matchCriteriaId: "264C7817-0CD5-4370-BC39-E1DF3E932E16", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2021.1:-:*:*:*:*:*:*", matchCriteriaId: "C7442C42-D493-46B9-BCC2-2C62EAD5B945", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*", matchCriteriaId: "AD525494-2807-48EA-AED0-11B9CB5A6A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*", matchCriteriaId: "1EDCBF98-A857-48BC-B04D-6F36A1975AA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "12A06BF8-E4DC-4389-8A91-8AC7598E0009", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:datacenter_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EAD1E1F3-F06B-4D17-8854-2CDA7E6D872D", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*", matchCriteriaId: "18989EBC-E1FB-473B-83E0-48C8896C2E96", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*", matchCriteriaId: "EDE66B6C-25E5-49AE-B35F-582130502222", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*", matchCriteriaId: "22BEE177-D117-478C-8EAD-9606DEDF9FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*", matchCriteriaId: "FC619106-991C-413A-809D-C2410EBA4CDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", matchCriteriaId: "CA7D45EF-18F7-43C6-9B51-ABAB7B0CA3CD", versionEndExcluding: "10.0.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*", matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", matchCriteriaId: "26FCA75B-4282-4E0F-95B4-640A82C8E91C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "F3A48D58-4291-4D3C-9CEA-BF12183468A7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_enterprise_sds:-:*:*:*:*:*:*:*", matchCriteriaId: "5D18075A-E8D6-48B8-A7FA-54E336A434A2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52AF19-0158-451B-8E36-02CB6406083F", versionEndExcluding: "3.5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*", matchCriteriaId: "CB21CFB4-4492-4C5D-BD07-FFBE8B5D92B6", versionEndExcluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*", matchCriteriaId: "97426511-9B48-46F5-AC5C-F9781F1BAE2F", versionEndExcluding: "2021.11_1.162", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "82306B9F-AE97-4E29-A8F7-2E5BA52998A7", versionEndExcluding: "3.0.000.115", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "4C903C85-DC0F-47D8-B8BE-7A666877B017", versionEndExcluding: "3.1.000.044", versionStartIncluding: "3.1.000.000", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "E4C6F9E0-5DCE-431D-AE7E-B680AC1F9332", versionEndExcluding: "3.2.000.009", versionStartIncluding: "3.2.000.000", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*", matchCriteriaId: "52CF6199-8028-4076-952B-855984F30129", versionEndExcluding: "12.6\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*", matchCriteriaId: "622BB8D9-AC81-4C0F-A5C5-C5E51F0BC0D1", versionEndExcluding: "4.10.0.16", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*", matchCriteriaId: "38FB3CE1-5F62-4798-A825-4E3DB07E868F", versionEndExcluding: "5.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*", matchCriteriaId: "29CDB878-B085-448E-AB84-25B1E2D024F8", versionEndExcluding: "5.3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C25FDA96-9490-431F-B8B6-CC2CC272670E", versionEndExcluding: "5.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", matchCriteriaId: "51CD9E4C-9385-435C-AD18-6C36C8DF7B65", versionEndExcluding: "2.9.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0AC4C1-CB06-4084-BFBB-5B702C384C53", versionEndExcluding: "2.10.0.1", versionStartIncluding: "2.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*", matchCriteriaId: "3871EBD2-F270-435A-B98C-A282E1C52693", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8D4DF34B-E8C2-41C8-90E2-D119B50E4E7E", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*", matchCriteriaId: "C8EF64DA-73E4-4E5E-8F9A-B837C947722E", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "66E1E4FC-0B6E-4CFA-B003-91912F8785B2", versionEndExcluding: "2.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1B2390C3-C319-4F05-8CF0-0D30F9931507", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "C154491E-06C7-48B0-AC1D-89BBDBDB902E", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1E98EC48-0CED-4E02-9CCB-06EF751F2BDC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "C569DC2A-CFF6-4E13-A50C-E215A4F96D99", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "258A51AC-6649-4F67-A842-48A7AE4DCEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "8DC22505-DE11-4A1B-8C06-1E306419B031", versionEndExcluding: "4.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9E31AC54-B928-48B5-8293-F5F4A7A8C293", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "5B8AE870-6FD0-40D2-958B-548E2D7A7B75", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "68E7D83B-B6AC-45B1-89A4-D18D7A6018DD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*", matchCriteriaId: "17660B09-47AA-42A2-B5FF-8EBD8091C661", versionEndExcluding: "1.12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*", matchCriteriaId: "FBEF9A82-16AE-437A-B8CF-CC7E9B6C4E44", versionEndExcluding: "4.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "843147AE-8117-4FE9-AE74-4E1646D55642", versionEndExcluding: "11.3\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "7EB871C9-CA14-4829-AED3-CC2B35E99E92", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", matchCriteriaId: "4FF8A83D-A282-4661-B133-213A8838FB27", versionEndExcluding: "2.1.2.8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", matchCriteriaId: "139CDAA5-63E9-4E56-AF72-745BD88E4B49", versionEndExcluding: "2.2.2.8", versionStartIncluding: "2.2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", matchCriteriaId: "01FD99C4-BCB1-417E-ADCE-73314AD2E857", versionEndExcluding: "2.2.3.4", versionStartIncluding: "2.2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*", matchCriteriaId: "9031BE8A-646A-4581-BDE5-750FB0CE04CB", versionEndExcluding: "2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", matchCriteriaId: "15BED3E2-46FF-4E58-8C5D-4D8FE5B0E527", versionEndExcluding: "11.5\\(4\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*", matchCriteriaId: "7C950436-2372-4C4B-9B56-9CB48D843045", versionEndExcluding: "12.0\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0B61F186-D943-4711-B3E0-875BB570B142", versionEndIncluding: "4.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*", matchCriteriaId: "2A285C40-170D-4C95-8031-2C6E4D5FB1D4", versionEndExcluding: "12.6\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "3C0F02B5-AA2A-48B2-AE43-38B45532C563", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*", matchCriteriaId: "830BDB28-963F-46C3-8D50-638FDABE7F64", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "54553C65-6BFA-40B1-958D-A4E3289D6B1D", versionEndExcluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*", matchCriteriaId: "439948AD-C95D-4FC3-ADD1-C3D241529F12", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "9C2002AE-0F3C-4A06-9B9A-F77A9F700EB2", versionEndExcluding: "2.3.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "596A986D-E7DC-4FC4-A776-6FE87A91D7E4", versionEndExcluding: "1.0.9-361", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*", matchCriteriaId: "DD93434E-8E75-469C-B12B-7E2B6EDCAA79", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "78684844-4974-41AD-BBC1-961F60025CD2", versionEndExcluding: "6.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "3A00D235-FC9C-4EB7-A16C-BB0B09802E61", versionEndExcluding: "5.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "C60FDD1B-898E-4FCB-BDE2-45A7CBDBAF4F", versionEndExcluding: "5.4.5.2", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "E7A33E5F-BBC7-4917-9C63-900248B546D9", versionEndExcluding: "5.5.4.1", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "12D98A7C-4992-4E58-A6BD-3D8173C8F2B0", versionEndExcluding: "5.6.3.1", versionStartIncluding: "5.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*", matchCriteriaId: "E2DDC1AF-31B5-4F05-B84F-8FD23BE163DA", versionEndExcluding: "2.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*", matchCriteriaId: "A4540CF6-D33E-4D33-8608-11129D6591FA", versionEndExcluding: "6.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "129A7615-99E7-41F8-8EBC-CEDA10AD89AD", versionEndExcluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "5F46A7AC-C133-442D-984B-BA278951D0BF", versionEndExcluding: "11.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "A1A75AB6-C3A7-4299-B35A-46A4BCD00816", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*", matchCriteriaId: "0A73E888-C8C2-4AFD-BA60-566D45214BCA", versionEndExcluding: "14.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*", matchCriteriaId: "4B0D0FD0-ABC6-465F-AB8D-FA8788B1B2DD", versionEndExcluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "D673F6F7-C42A-4538-96F0-34CB4F0CB080", versionEndExcluding: "20.3.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "FD374819-3CED-4260-90B6-E3C1333EAAD2", versionEndExcluding: "20.4.2.1", versionStartIncluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "D2D89973-94AF-4BE7-8245-275F3FEB30F4", versionEndExcluding: "20.5.1.1", versionStartIncluding: "20.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "91A9A889-2C2B-4147-8108-C35291761C15", versionEndExcluding: "20.6.2.1", versionStartIncluding: "20.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*", matchCriteriaId: "D0EEA1EC-C63C-4C7D-BFAE-BA4556332242", versionEndExcluding: "3.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*", matchCriteriaId: "ACE22D97-42FA-4179-99E5-C2EE582DB7FF", versionEndExcluding: "2.0\\(1p\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "F6B5DB6D-9E7D-4403-8028-D7DA7493716B", versionEndExcluding: "6.8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*", matchCriteriaId: "B98D7AD5-0590-43FB-8AC0-376C9C500C15", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*", matchCriteriaId: "D9DA1900-9972-4DFD-BE2E-74DABA1ED9A9", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*", matchCriteriaId: "7E958AFF-185D-4D55-B74B-485BEAEC42FD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*", matchCriteriaId: "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*", matchCriteriaId: "B85B81F9-8837-426E-8639-AB0712CD1A96", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*", matchCriteriaId: "C1CCCD27-A247-4720-A2FE-C8ED55D1D0DE", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "34D89C42-AAD9-4B04-9F95-F77681E39553", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "897C8893-B0B6-4D6E-8D70-31B421D80B9A", versionEndExcluding: "11.6\\(2\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "91D62A73-21B5-4D16-A07A-69AED2D40CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*", matchCriteriaId: "B0492049-D3AC-4512-A4BF-C9C26DA72CB0", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", matchCriteriaId: "3868A8AA-6660-4332-AB0C-089C150D00E7", versionEndExcluding: "11.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*", matchCriteriaId: "58BD72D6-4A79-49C9-9652-AB0136A591FA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A32761FD-B435-4E51-807C-2B245857F90E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*", matchCriteriaId: "154F7F71-53C5-441C-8F5C-0A82CB0DEC43", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", matchCriteriaId: "65FD3873-2663-4C49-878F-7C65D4B8E455", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0886FB04-24AA-4995-BA53-1E44F94E114E", versionEndExcluding: "7.14.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C61805C1-1F73-462C-A9CA-BB0CA4E57D0B", versionEndExcluding: "2.6.7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5EB39834-0F6D-4BD7-AFEC-DD8BEE46DA50", versionEndExcluding: "3.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0B78DD21-15F2-47A4-8A99-6DB6756920AC", versionEndExcluding: "3.4.4", versionStartIncluding: "3.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*", matchCriteriaId: "7C6222EB-36E1-4CD5-BD69-5A921ED5DA6A", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "C200CABD-F91B-49C4-A262-C56370E44B4C", versionEndExcluding: "7.3.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*", matchCriteriaId: "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C", versionEndExcluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*", matchCriteriaId: "61D1081F-87E8-4E8B-BEBD-0F239E745586", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "8D138973-02B0-4FEC-A646-FF1278DA1EDF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "14DBEC10-0641-441C-BE15-8F72C1762DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*", matchCriteriaId: "205C1ABA-2A4F-480F-9768-7E3EC43B03F5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*", matchCriteriaId: "D36FE453-C43F-448B-8A59-668DE95468C0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*", matchCriteriaId: "E8DF0944-365F-4149-9059-BDFD6B131DC5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*", matchCriteriaId: "6B37AA08-13C7-4FD0-8402-E344A270C8F7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*", matchCriteriaId: "2AA56735-5A5E-4D8C-B09D-DBDAC2B5C8E9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*", matchCriteriaId: "4646849B-8190-4798-833C-F367E28C1881", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", matchCriteriaId: "4D6CF856-093A-4E89-A71D-50A2887C265B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "B36A9043-0621-43CD-BFCD-66529F937859", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "8842B42E-C412-4356-9F54-DFC53B683D3E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "D25BC647-C569-46E5-AD45-7E315EBEB784", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B468EDA1-CDEF-44D4-9D62-C433CF27F631", versionEndExcluding: "3.2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*", matchCriteriaId: "C90C6CD1-4678-4621-866B-F0CE819C8000", versionEndExcluding: "12.6\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*", matchCriteriaId: "9E4905E2-2129-469C-8BBD-EDA258815E2B", versionEndExcluding: "10.2.1v2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*", matchCriteriaId: "EC86AC6C-7C08-4EB9-A588-A034113E4BB1", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFE3880-4B85-4E23-9836-70875D5109F7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", matchCriteriaId: "727A02E8-40A1-4DFE-A3A2-91D628D3044F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", matchCriteriaId: "19F6546E-28F4-40DC-97D6-E0E023FE939B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", matchCriteriaId: "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", matchCriteriaId: "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*", matchCriteriaId: "957D64EB-D60E-4775-B9A8-B21CA48ED3B1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", matchCriteriaId: "A694AD51-9008-4AE6-8240-98B17AB527EE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", matchCriteriaId: "38AE6DC0-2B03-4D36-9856-42530312CC46", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", matchCriteriaId: "71DCEF22-ED20-4330-8502-EC2DD4C9838F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", matchCriteriaId: "3DB2822B-B752-4CD9-A178-934957E306B4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", matchCriteriaId: "81F4868A-6D62-479C-9C19-F9AABDBB6B24", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", matchCriteriaId: "65378F3A-777C-4AE2-87FB-1E7402F9EA1B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "07DAFDDA-718B-4B69-A524-B0CEB80FE960", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "82C8AD48-0130-4C20-ADEC-697668E2293B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4E75EF7C-8D71-4D70-91F0-74FC99A90CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2DB7EE7D-8CB4-4804-9F9D-F235608E86E1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*", matchCriteriaId: "77571973-2A94-4E15-AC5B-155679C3C565", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CA405A50-3F31-48ED-9AF1-4B02F5B367DE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*", matchCriteriaId: "D3753953-04E8-4382-A6EC-CD334DD83CF4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A5F89F-1296-4A0F-A36D-082A481F190F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F50F48AF-44FF-425C-9685-E386F956C901", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*", matchCriteriaId: "A4D28E76-56D4-4C9A-A660-7CD7E0A1AC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*", matchCriteriaId: "CD975A0E-00A6-475E-9064-1D64E4291499", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*", matchCriteriaId: "2E50AC21-DA54-4BC8-A503-1935FD1714C7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*", matchCriteriaId: "4D05E169-4AF1-4127-A917-056EC2CE781B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "8AD415A2-422E-4F15-A177-C3696FEAFF0C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*", matchCriteriaId: "134443B7-7BA8-4B50-8874-D4BF931BECFD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "73ADF6EA-CD29-4835-8D72-84241D513AFF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*", matchCriteriaId: "BAC1A386-04C7-45B2-A883-1CD9AB60C14B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*", matchCriteriaId: "3F0F1639-D69E-473A-8926-827CCF73ACC9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*", matchCriteriaId: "F4FDF900-E9D6-454A-BF6B-821620CA59F4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*", matchCriteriaId: "1859BD43-BA2B-45A5-B523-C6BFD34C7B01", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*", matchCriteriaId: "1EBC145C-9A2F-4B76-953E-0F690314511C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*", matchCriteriaId: "158B7A53-FEC1-4B42-A1E2-E83E99564B07", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*", matchCriteriaId: "3A378971-1A08-4914-B012-8E24DCDEFC68", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*", matchCriteriaId: "4E5CC012-DC85-481A-B82A-9323C19674DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*", matchCriteriaId: "76CF59ED-685D-46CD-80A2-AEDA4F03FE53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*", matchCriteriaId: "960B07C0-E205-47E7-B578-46A0AF559D04", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*", matchCriteriaId: "A1A194E1-405E-47FA-8CDF-58EB78883ACC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*", matchCriteriaId: "2E628231-61FB-40AF-A20B-00F5CB78E63B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*", matchCriteriaId: "2EA25E92-2C76-4722-BA06-53F33C0D961C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*", matchCriteriaId: "51D2940A-0D03-415B-B72E-1F6862DDAC41", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*", matchCriteriaId: "8B346ADC-00BE-4409-B658-A11351D2A7D4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*", matchCriteriaId: "5A0E44A9-C427-493B-868A-8A8DA405E759", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*", matchCriteriaId: "B2B31E7C-0EB3-4996-8859-DF94A3EE20B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*", matchCriteriaId: "3EAB3E03-275F-4942-9396-FC7A22F42C8D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*", matchCriteriaId: "19DAD751-D170-4914-BAB2-6054DFEEF404", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "2F429F37-3576-4D8A-9901-359D65EC3CF4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F526DEF1-4A3E-4FE1-8153-E9252DAE5B92", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C19679D0-F4DC-4130-AFFD-692E5130531A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "60D2FBF3-D8AB-41F0-B170-9E56FBF7E2F7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F60324DD-8450-4B14-A7A1-0D5EA5163580", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*", matchCriteriaId: "12F6DFD1-273B-4292-A22C-F2BE0DD3FB3F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "13EA024C-97A4-4D33-BC3E-51DB77C51E76", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "85289E35-C7C2-46D0-9BDC-10648DD2C86F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "17282822-C082-4FBC-B46D-468DCF8EF6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*", matchCriteriaId: "F5463DA6-5D44-4C32-B46C-E8A2ADD7646B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "54A237CF-A439-4114-AF81-D75582F29573", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*", matchCriteriaId: "A37D19BF-E4F5-4AF4-8942-0C3B62C4BF2B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*", matchCriteriaId: "EF25688B-6659-4C7C-866D-79AA1166AD7A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*", matchCriteriaId: "47B70741-90D9-4676-BF16-8A21E147F532", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "ED862A1B-E558-4D44-839C-270488E735BB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "2678AF98-1194-4810-9933-5BA50E409F88", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "37E7DEBD-9E47-4D08-86BC-D1B013450A98", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*", matchCriteriaId: "1A935862-18F7-45FE-B647-1A9BA454E304", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "69594997-2568-4C10-A411-69A50BFD175F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "1EC39E2D-C47B-4311-BC7B-130D432549F4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*", matchCriteriaId: "EE5E6CBE-D82C-4001-87CB-73DF526F0AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "460E6456-0E51-45BC-868E-DEEA5E3CD366", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*", matchCriteriaId: "F7F58659-A318-42A0-83C5-8F09FCD78982", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*", matchCriteriaId: "D8A49E46-8501-4697-A17A-249A7D9F5A0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*", matchCriteriaId: "5D81E7A9-0C2B-4603-91F0-ABF2380DBBA3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*", matchCriteriaId: "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*", matchCriteriaId: "28B1524E-FDCA-4570-86DD-CE396271B232", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*", matchCriteriaId: "74DC6F28-BFEF-4D89-93D5-10072DAC39C8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*", matchCriteriaId: "BA1D60D7-1B4A-4EEE-A26C-389D9271E005", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "1D726F07-06F1-4B0A-B010-E607E0C2A280", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*", matchCriteriaId: "41E168ED-D664-4749-805E-77644407EAFE", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", matchCriteriaId: "DCD69468-8067-4A5D-B2B0-EC510D889AA0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", matchCriteriaId: "85F22403-B4EE-4303-9C94-915D3E0AC944", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BBCA75A6-0A3E-4393-8884-9F3CE190641E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D619BF54-1BA9-45D0-A876-92D7010088A0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*", matchCriteriaId: "808F8065-BD3A-4802-83F9-CE132EDB8D34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*", matchCriteriaId: "B236B13E-93B9-424E-926C-95D3DBC6CA5D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*", matchCriteriaId: "8A63CC83-0A6E-4F33-A1BE-214A33B51518", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*", matchCriteriaId: "37DB7759-6529-46DE-B384-10F060D86A97", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*", matchCriteriaId: "8C640AD9-146E-488A-B166-A6BB940F97D3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*", matchCriteriaId: "DAC1FA7E-CB1B-46E5-A248-ABACECFBD6E8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*", matchCriteriaId: "7C3BD5AF-9FC1-494B-A676-CC3D4B8EAC8D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "F477CACA-2AA0-417C-830D-F2D3AE93153A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*", matchCriteriaId: "7E3BE5E1-A6B6-46C7-B93B-8A9F5AEA2731", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*", matchCriteriaId: "04E0BB7B-0716-4DBD-89B9-BA11AAD77C00", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*", matchCriteriaId: "64C98A76-0C31-45E7-882B-35AE0D2C5430", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "379F8D86-BE87-4250-9E85-494D331A0398", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "71F69E51-E59D-4AE3-B242-D6D2CFDB3F46", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "578DA613-8E15-4748-A4B7-646415449609", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "544EFAD6-CE2F-4E1D-9A00-043454B72889", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "2E16DF9C-3B64-4220-82B6-6E20C7807BAA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "B9CD5B8A-9846-48F1-9495-77081E44CBFC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "68E6CD49-6F71-4E17-B046-FBE91CE91CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "0BDD8018-7E77-4C89-917E-ACDC678A7DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*", matchCriteriaId: "A7D39156-A47D-405E-8C02-CAE7D637F99A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "5426FC59-411D-4963-AFEF-5B55F68B8958", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*", matchCriteriaId: "810E9A92-4302-4396-94D3-3003947DB2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "522C36A5-7520-4368-BD92-9AB577756493", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CB2EC4BE-FFAF-4605-8A96-2FEF35975540", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CA1D3C2A-E5FA-400C-AC01-27A3E5160477", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "63B27050-997B-4D54-8E5A-CE9E33904318", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "5ABF05B8-1B8A-4CCF-A1AD-D8602A247718", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "2F74580D-0011-4ED9-9A00-B4CDB6685154", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "17A3C22E-1980-49B6-8985-9FA76A77A836", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "B1AB42DC-CE58-448A-A6B5-56F31B15F4A0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*", matchCriteriaId: "9DC32B55-0C76-4669-8EAD-DCC16355E887", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*", matchCriteriaId: "6CDA737F-337E-4C30-B68D-EF908A8D6840", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*", matchCriteriaId: "9DC5A89C-CCCF-49EC-B4FC-AB98ACB79233", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*", matchCriteriaId: "4BA4F513-CBA1-4523-978B-D498CEDAE0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*", matchCriteriaId: "6C53C6FD-B98E-4F7E-BA4D-391C90CF9E83", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*", matchCriteriaId: "D00F6719-2C73-4D8D-8505-B9922E8A4627", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*", matchCriteriaId: "EFE9210F-39C5-4828-9608-6905C1D378D4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*", matchCriteriaId: "A1CEDCE4-CFD1-434B-B157-D63329CBA24A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "33660EB8-2984-4258-B8AD-141B7065C85E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "0ACA346D-5103-47F0-8BD9-7A8AD9B92E98", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "A38BDF03-23C8-4BB6-A44D-68818962E7CB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "3104C099-FEDA-466B-93CC-D55F058F7CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "890EA1C7-5990-4C71-857F-197E6F5B4089", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*", matchCriteriaId: "56F21CF4-83FE-4529-9871-0FDD70D3095E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B9331834-9EAD-46A1-9BD4-F4027E49D0C3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*", matchCriteriaId: "0E707E44-12CD-46C3-9124-639D0265432E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*", matchCriteriaId: "2FEE8482-DB64-4421-B646-9E5F560D1712", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*", matchCriteriaId: "4385CE6E-6283-4621-BBD9-8E66E2A34843", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*", matchCriteriaId: "9A6CDBD4-889B-442D-B272-C8E9A1B6AEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*", matchCriteriaId: "FF1E59F9-CF4F-4EFB-872C-5F503A04CCF4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*", matchCriteriaId: "1782219F-0C3D-45B7-80C7-D1DAA70D90B1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*", matchCriteriaId: "DDAB3BAD-1EC6-4101-A58D-42DA48D04D0C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*", matchCriteriaId: "8F7AA674-6BC2-490F-8D8A-F575B11F4BE0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*", matchCriteriaId: "6945C4DE-C070-453E-B641-2F5B9CFA3B6D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*", matchCriteriaId: "DAB8C7C0-D09B-4232-A88E-57D25AF45457", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*", matchCriteriaId: "ACEDB7B4-EBD4-4A37-9EE3-07EE3B46BE44", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*", matchCriteriaId: "820D579C-AA45-4DC1-945A-748FFCD51CA2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*", matchCriteriaId: "7B23A9A6-CD04-4D76-BE3F-AFAFBB525F5E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*", matchCriteriaId: "A44E6007-7A3A-4AD3-9A65-246C59B73FB6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*", matchCriteriaId: "3D508E51-4075-4E34-BB7C-65AF9D56B49F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "376D06D5-D68E-4FF0-97E5-CBA2165A05CF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*", matchCriteriaId: "18ED6B8F-2064-4BBA-A78D-4408F13C724D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*", matchCriteriaId: "94091FE3-AB88-4CF5-8C4C-77B349E716A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "91D62A73-21B5-4D16-A07A-69AED2D40CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "53F1314A-9A2C-43DC-8203-E4654EF013CC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "0ADE468B-8F0C-490D-BB4C-358D947BA8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "32FEE78D-309E-491D-9AB6-98005F1CBF49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "878D9901-675D-4444-B094-0BA505E7433F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*", matchCriteriaId: "66E25EE4-AB7B-42BF-A703-0C2E83E83577", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*", matchCriteriaId: "D8F35520-F04A-4863-A1BC-0EDD2D1804F7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "EF9855FD-7747-4D9E-9542-703B1EC9A382", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "E07AF386-D8A5-44F5-A418-940C9F88A36A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "113C77DA-AC22-4D67-9812-8510EFC0A95F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "4BE221AB-A3B0-4CFF-9BC0-777773C2EF63", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "15941265-1E7E-4C3E-AF1D-027C5E0D3141", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "54AA2B0C-92A1-4B53-88D7-6E31120F5041", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "F9BD7207-85FB-4484-8720-4D11F296AC10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*", matchCriteriaId: "62E009C4-BE3E-4A14-91EF-8F667B2220A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*", matchCriteriaId: "088512E1-434D-4685-992E-192A98ECAD9A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*", matchCriteriaId: "50A7BBC6-077C-4182-AA7A-577C4AAC3CD8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*", matchCriteriaId: "E0536F45-3A49-4F93-942E-AF679DFC7017", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*", matchCriteriaId: "3D54794B-6CD5-46D7-B9E9-62A642143562", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*", matchCriteriaId: "BE844DCA-FF52-43F5-BDD9-836A812A8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*", matchCriteriaId: "07B261EB-CA63-4796-BD15-A6770FD68B34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*", matchCriteriaId: "29F9067A-B86C-4A6B-ACB7-DB125E04B795", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*", matchCriteriaId: "FAC4CC92-8BA0-4D96-9C48-5E311CDED53F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*", matchCriteriaId: "8F2437A5-217A-4CD1-9B72-A31BDDC81F42", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*", matchCriteriaId: "9C3CFF0D-BD70-4353-AE2F-6C55F8DE56A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*", matchCriteriaId: "2CE47760-0E71-4FCA-97D1-CF0BB71CAC17", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*", matchCriteriaId: "89B2D4F5-CB86-4B25-8C14-CED59E8A3F22", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*", matchCriteriaId: "B150B636-6267-4504-940F-DC37ABEFB082", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*", matchCriteriaId: "D00B9911-A7CA-467E-B7A3-3AF31828D5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*", matchCriteriaId: "B67C08C3-412F-4B7F-B98C-EEAEE77CBE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6D428C9B-53E1-4D26-BB4D-57FDE02FA613", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CDB41596-FACF-440A-BB6C-8CAD792EC186", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "D8C88EE2-5702-4E8B-A144-CB485435FD62", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "1BC62844-C608-4DB1-A1AD-C1B55128C560", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*", matchCriteriaId: "EFF2FFA4-358A-4F33-BC67-A9EF8A30714E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*", matchCriteriaId: "53C0BBDE-795E-4754-BB96-4D6D4B5A804F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*", matchCriteriaId: "7A41E377-16F9-423F-8DC2-F6EDD54E1069", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*", matchCriteriaId: "F0C2789E-255B-45D9-9469-B5B549A01F53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*", matchCriteriaId: "EFAFEC61-2128-4BFA-992D-54742BD4911A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F12AF70E-2201-4F5D-A929-A1A057B74252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*", matchCriteriaId: "A2CBCDC4-02DF-47F4-A01C-7CBCB2FF0163", versionEndExcluding: "8.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C42D44C8-9894-4183-969B-B38FDA1FEDF9", versionEndExcluding: "3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*", matchCriteriaId: "452D8730-F273-4AB4-9221-E82EC2CAAFD8", versionEndExcluding: "6.2.4.2", versionStartIncluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*", matchCriteriaId: "F2EF5054-EECB-4489-B27A-AACB96B25B97", versionEndExcluding: "6.4.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*", matchCriteriaId: "16E0A04D-30BE-4AB3-85A1-13AF614C425C", versionEndIncluding: "7.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", matchCriteriaId: "E0755E91-2F36-4EC3-8727-E8BF0427E663", versionEndExcluding: "13.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", }, { lang: "es", value: "Las características JNDI de Apache Log4j2 2.0-beta9 hasta 2.15.0 (excluyendo las versiones de seguridad 2.12.2, 2.12.3 y 2.3.1) utilizadas en la configuración, los mensajes de registro y los parámetros no protegen contra LDAP controlado por un atacante y otros puntos finales relacionados con JNDI. Un atacante que pueda controlar los mensajes de registro o los parámetros de los mensajes de registro puede ejecutar código arbitrario cargado desde servidores LDAP cuando la sustitución de la búsqueda de mensajes está habilitada. A partir de la versión 2.15.0 de log4j, este comportamiento ha sido deshabilitado por defecto. A partir de la versión 2.16.0 (junto con las versiones 2.12.2, 2.12.3 y 2.3.1), esta funcionalidad se ha eliminado por completo. Tenga en cuenta que esta vulnerabilidad es específica de log4j-core y no afecta a log4net, log4cxx u otros proyectos de Apache Logging Services", }, ], id: "CVE-2021-44228", lastModified: "2025-04-03T20:53:22.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-12-10T10:15:09.143", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/cisagov/log4j-affected-db", }, { source: "security@apache.org", tags: [ "Broken Link", "Product", "US Government Resource", ], url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { source: "security@apache.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213189", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Broken Link", "Exploit", "Third Party Advisory", ], url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/cisagov/log4j-affected-db", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Product", "US Government Resource", ], url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Third Party Advisory", ], url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-917", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-05 14:29
Modified
2024-11-21 03:50
Severity ?
Summary
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system_director | 6.6\(0.0\) | |
| cisco | integrated_management_controller_supervisor | 2.1\(0.0\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:6.6\\(0.0\\):*:*:*:*:*:*:*", matchCriteriaId: "DFE8E563-553A-417B-992D-AFBAF8EE0830", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1\\(0.0\\):*:*:*:*:*:*:*", matchCriteriaId: "9FEA6276-EEF3-4D27-B61C-EA632F6520D0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz web de Cisco Integrated Management Controller (IMC) Supervisor y Cisco UCS Director podría permitir que un atacante remoto autenticado provoque una denegación de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a las restricciones insuficientes en el tamaño o en la cantidad total de recursos permitidos mediante la interfaz web. Un atacante que cuente con credenciales válidas para la aplicación podría explotar esta vulnerabilidad enviando una petición HTTP manipulada o mal formada a la interfaz web. Su explotación con éxito podría permitir que el atacante provoque la suscripción excesiva de recursos del dispositivo o haga que un componente deje de responder, provocando una denegación de servicio (DoS).", }, ], id: "CVE-2018-15404", lastModified: "2024-11-21T03:50:43.043", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-05T14:29:08.793", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 4.0\(1c\)hs3 | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.", }, { lang: "es", value: "Una vulnerabilidad en el protocolo Redfish de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado inyecte y ejecute comandos arbitrarios con privilegios de root en un dispositivo afectado. La vulnerabilidad se debe a una validación insuficiente de las entradas proporcionadas por el usuario por el software afectado. Un atacante podría aprovechar esta vulnerabilidad enviando comandos autenticados diseñados a la interfaz de administración basada en web del software afectado. Una explotación exitosa podría permitir al atacante inyectar y ejecutar comandos arbitrarios en un dispositivo afectado con privilegios de root.", }, ], id: "CVE-2019-1885", lastModified: "2024-11-21T04:37:36.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.840", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 4.0\(1c\)hs3 | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "DD9C909F-87AB-42FF-8AD3-87A6CACFF54C", versionEndExcluding: "4.0\\(4b\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "70B31556-F30D-4040-A7D7-87661BC4CBC9", versionEndExcluding: "4.0\\(2f\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.", }, { lang: "es", value: "Una vulnerabilidad en el servidor web de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado establezca valores de configuración confidenciales y obtenga privilegios elevados. La vulnerabilidad se debe al manejo inadecuado de las operaciones de comparación de subcadenas que realiza el software afectado. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP diseñada al software afectado. Una explotación exitosa podría permitir al atacante con privilegios de solo lectura obtener privilegios de administrador.", }, ], id: "CVE-2019-1907", lastModified: "2024-11-21T04:37:39.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.170", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | 6.6.0.0 | |
| cisco | ucs_director | 6.6.1.0 | |
| cisco | ucs_director_express_for_big_data | * | |
| cisco | ucs_director_express_for_big_data | 3.6.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.6.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "4352B424-3852-466D-97BD-D7D678F4BAC9", versionEndIncluding: "2.2.0.6", versionStartIncluding: "2.2.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "4E66FC72-9589-46A8-AC73-6A4A9BFE9FC1", versionEndIncluding: "6.7.2.0", versionStartIncluding: "6.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F95E9D60-7976-4CFB-B36B-0BC6675FA383", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4E99B2DD-0E27-42FE-AE41-BE9FE8E78D4F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "7317CA7D-B1A0-4F83-BA5F-6155459C8583", versionEndIncluding: "3.7.2.0", versionStartIncluding: "3.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "451ABC79-936F-469E-B1D8-ADB3EDCA52F3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6C918805-0026-4780-A8E2-8BC85A8F7282", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web del Supervisor del Controlador Integrado de Administración de Cisco (IMC), el Director de Cisco UCS y el Director de Cisco UCS Express para Big Data podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio (DoS). La vulnerabilidad se debe a una falta de verificación de autenticación en una llamada a la API. Un atacante que puede enviar una solicitud a un sistema afectado podría hacer que todos los usuarios autenticados actualmente cierren sesión. La explotación repetida podría causar la incapacidad de mantener una sesión en el portal de administración basado en la web.", }, ], id: "CVE-2019-12634", lastModified: "2024-11-21T04:23:13.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:13.387", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-12-15 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | 1.0.0.0 | |
| cisco | integrated_management_controller_supervisor | 1.0.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1BA5D38B-4F09-40F4-B17D-88EA63BA89A8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:1.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E59EE6E6-6153-4AA4-9464-9FA8C34600C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.", }, { lang: "es", value: "El Supervisor 1.0.0.0 y 1.0.0.1 en Cisco Integrated Management Controller (IMC) en versiones anteriores a 2.0(9) permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de interfaz IP) a través de parámetros manipulados en una petición HTTP, también conocido como Bug ID CSCuv38286.", }, ], id: "CVE-2015-6399", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-12-15T05:59:03.883", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc", }, { source: "psirt@cisco.com", url: "http://www.securityfocus.com/bid/108851", }, { source: "psirt@cisco.com", url: "http://www.securityfocus.com/bid/79031", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1038475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/108851", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/79031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038475", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "AD570463-F539-47E7-B455-9376BD3EE99D", versionEndExcluding: "1.5\\(9g\\)", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "416F7C96-3EF0-4B6D-B414-3FC0D0848144", versionEndExcluding: "2.0\\(13o\\)", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "1D094D51-8F25-430F-99C4-1A734CAA63E4", versionEndExcluding: "4.0\\(1d\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "B9AB71C7-E751-4390-84B0-D88794FE2E5A", versionEndExcluding: "4.0\\(2c\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web del software Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios de root en un dispositivo afectado. La vulnerabilidad se debe a una validación insuficiente de las entradas proporcionadas por el usuario por el software afectado. Un atacante podría aprovechar esta vulnerabilidad invocando un mecanismo de monitoreo de interfaz con un argumento diseñado sobre el software afectado. Una explotación exitosa podría permitir al atacante inyectar y ejecutar comandos arbitrarios a nivel de sistema con privilegios de root en un dispositivo afectado.", }, ], id: "CVE-2019-1865", lastModified: "2024-11-21T04:37:34.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.420", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 4.0\(1c\)hs3 | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.", }, { lang: "es", value: "Una vulnerabilidad en el servidor web de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto no autenticado provoque el bloqueo del proceso del servidor web, provocando una condición de denegación de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario en la interfaz web. Un atacante podría aprovechar esta vulnerabilidad al enviar una solicitud HTTP diseñada a ciertos puntos finales del software afectado. Una explotación exitosa podría permitir que un atacante haga que el servidor web se bloquee. Es posible que se requiera acceso físico al dispositivo para reiniciar.", }, ], id: "CVE-2019-1900", lastModified: "2024-11-21T04:37:38.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.090", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "AD570463-F539-47E7-B455-9376BD3EE99D", versionEndExcluding: "1.5\\(9g\\)", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "416F7C96-3EF0-4B6D-B414-3FC0D0848144", versionEndExcluding: "2.0\\(13o\\)", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "1D094D51-8F25-430F-99C4-1A734CAA63E4", versionEndExcluding: "4.0\\(1d\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "B9AB71C7-E751-4390-84B0-D88794FE2E5A", versionEndExcluding: "4.0\\(2c\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web del software Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado realice cambios no autorizados en la configuración del sistema. La vulnerabilidad se debe a la insuficiente aplicación de la autorización. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP diseñada al software afectado. Una explotación exitosa podría permitir a un usuario con privilegios de solo lectura cambiar configuraciones críticas del sistema utilizando privilegios de administrador.", }, ], id: "CVE-2019-1863", lastModified: "2024-11-21T04:37:33.743", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.277", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "AD570463-F539-47E7-B455-9376BD3EE99D", versionEndExcluding: "1.5\\(9g\\)", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "416F7C96-3EF0-4B6D-B414-3FC0D0848144", versionEndExcluding: "2.0\\(13o\\)", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "1D094D51-8F25-430F-99C4-1A734CAA63E4", versionEndExcluding: "4.0\\(1d\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "B9AB71C7-E751-4390-84B0-D88794FE2E5A", versionEndExcluding: "4.0\\(2c\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web del software Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios de root en un dispositivo afectado. La vulnerabilidad se debe a una validación insuficiente de la entrada de comandos por parte del software afectado. Un atacante podría aprovechar esta vulnerabilidad enviando comandos maliciosos a la interfaz de administración basada en web del software afectado. Una explotación exitosa podría permitir al atacante, con privilegios de solo lectura, inyectar y ejecutar comandos arbitrarios a nivel de sistema con privilegios de root en un dispositivo afectado.", }, ], id: "CVE-2019-1864", lastModified: "2024-11-21T04:37:33.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.357", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | 6.7\(0.0.67265\) | |
| cisco | ucs_director_express_for_big_data | * | |
| cisco | ucs_director_express_for_big_data | 3.6.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "4352B424-3852-466D-97BD-D7D678F4BAC9", versionEndIncluding: "2.2.0.6", versionStartIncluding: "2.2.0.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "FE74A216-65E1-433A-80EB-FBC8B5D242C9", versionEndIncluding: "6.6.1.0", versionStartIncluding: "6.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "0D392DF7-3750-4876-B4F0-40C7DA564769", versionEndIncluding: "6.7.1.0", versionStartIncluding: "6.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7\\(0.0.67265\\):*:*:*:*:*:*:*", matchCriteriaId: "DDB592A9-56F6-422A-9698-09AFB96BE298", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "07F15693-B95E-4B62-9A00-13EFC4506717", versionEndIncluding: "3.7.1.0", versionStartIncluding: "3.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "451ABC79-936F-469E-B1D8-ADB3EDCA52F3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director y Cisco UCS Director Express para Big Data podría permitir que un atacante remoto no autenticado adquiera un token de sesión válido con privilegios de administrador, evitando al usuario autenticación. La vulnerabilidad se debe a una validación insuficiente del encabezado de la solicitud durante el proceso de autenticación. Un atacante podría aprovechar esta vulnerabilidad enviando una serie de solicitudes maliciosas a un dispositivo afectado. Un exploit podría permitir al atacante usar el token de sesión adquirido para obtener acceso completo del administrador al dispositivo afectado.", }, ], id: "CVE-2019-1937", lastModified: "2024-11-21T04:37:43.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.403", references: [ { source: "psirt@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { source: "psirt@cisco.com", url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, { source: "psirt@cisco.com", url: "http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html", }, { source: "psirt@cisco.com", url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 4.0\(1c\)hs3 | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | encs_5100 | - | |
| cisco | encs_5400 | - | |
| cisco | ucs-e1120d-m3 | - | |
| cisco | ucs-e140s-m2 | - | |
| cisco | ucs-e160d-m2 | - | |
| cisco | ucs-e160s-m3 | - | |
| cisco | ucs-e168d-m2 | - | |
| cisco | ucs-e180d-m3 | - | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | encs_5100 | - | |
| cisco | encs_5400 | - | |
| cisco | ucs-e1120d-m3 | - | |
| cisco | ucs-e140s-m2 | - | |
| cisco | ucs-e160d-m2 | - | |
| cisco | ucs-e160s-m3 | - | |
| cisco | ucs-e168d-m2 | - | |
| cisco | ucs-e180d-m3 | - | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web del software Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios que se ejecutan con privilegios de root en un dispositivo afectado. Un atacante necesitaría tener credenciales de administrador válidas en el dispositivo. La vulnerabilidad se debe a una validación insuficiente de las entradas proporcionadas por el usuario por el software afectado. Un atacante con privilegios elevados podría aprovechar esta vulnerabilidad enviando comandos diseñados a la interfaz administrativa de administración web del software afectado. Una explotación exitosa podría permitir al atacante inyectar y ejecutar comandos arbitrarios a nivel de sistema con privilegios de root en un dispositivo afectado.", }, ], id: "CVE-2019-1850", lastModified: "2024-11-21T04:37:31.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.217", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-20 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/97925 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97925 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | 3.0\(1c\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\):*:*:*:*:*:*:*", matchCriteriaId: "674BE7E5-FC1C-4083-B4D3-8C816239D0CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.", }, { lang: "es", value: "Una vulnerabilidad en la GUI basada en web de Cisco Integrated Management Controller (IMC) 3.0 (1c) podría permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en un sistema afectado. La vulnerabilidad existe porque el software afectado no desinfecta suficientemente la entrada HTTP proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad a través del envío de una solicitud HTTP POST que contenga datos de usuario deserializados y manipulados para el software afectado. Una explotación exitosa podría permitir al atacante ejecutar comandos arbitrarios con privilegios de nivel root en el sistema afectado, que el atacante podría usar para realizar nuevos ataques. Cisco Bug IDs: CSCvd14591.", }, ], id: "CVE-2017-6619", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-20T22:59:00.887", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97925", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97925", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "416F7C96-3EF0-4B6D-B414-3FC0D0848144", versionEndExcluding: "2.0\\(13o\\)", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado inyecte comandos arbitrarios y obtenga privilegios de root. La vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario en la función de Solicitud de firma de certificado (CSR) de la interfaz de administración basada en la web. Un atacante podría aprovechar esta vulnerabilidad al enviar una CSR diseñada en la interfaz de administración basada en la web. Una explotación exitosa podría permitir que un atacante con privilegios de administrador ejecute comandos arbitrarios en el dispositivo con todos los privilegios de root.", }, ], id: "CVE-2019-1896", lastModified: "2024-11-21T04:37:38.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.013", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | 2.1.0.0 | |
| cisco | ucs_director | 6.0.0.0 | |
| cisco | ucs_director | 6.5.0.0 | |
| cisco | ucs_director | 6.6.0.0 | |
| cisco | ucs_director | 6.6.1.0 | |
| cisco | ucs_director | 6.7\(0.0.67265\) | |
| cisco | ucs_director | 6.7.0.0 | |
| cisco | ucs_director | 6.7.1.0 | |
| cisco | ucs_director_express_for_big_data | 3.0.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.5.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.6.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.7.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.7.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "B97B4B36-28E2-4550-B766-BA10DE00A33D", versionEndIncluding: "2.2.0.6", versionStartIncluding: "2.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "512DAB16-F482-424A-AC39-69977B775AA4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F5F6460C-AD67-4B0A-A900-798E7A2A92C3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1DB174AA-261E-4252-AF4E-463EB72309D2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F95E9D60-7976-4CFB-B36B-0BC6675FA383", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4E99B2DD-0E27-42FE-AE41-BE9FE8E78D4F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7\\(0.0.67265\\):*:*:*:*:*:*:*", matchCriteriaId: "DDB592A9-56F6-422A-9698-09AFB96BE298", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "53FB8D53-BF77-443F-947A-79A6268CCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D16313A1-5D0B-4C91-B476-A9352A11AEE4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "93BE2DF4-CD88-407C-BDF6-ADD6001E3822", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8D361A6E-1F55-4CB0-97A3-A96042E7AFB8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "451ABC79-936F-469E-B1D8-ADB3EDCA52F3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D842353-38D3-4F67-BAAC-EFEBDA7511D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "C4B9E1E3-F91D-4EB6-B7FA-8BC72DC38006", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.", }, { lang: "es", value: "Una vulnerabilidad en Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, y Cisco UCS Director Express for Big Data podría permitir que un atacante remoto no autenticado inicie sesión en la CLI de un sistema afectado utilizando la cuenta de usuario SCP (scpuser) , que tiene credenciales de usuario predeterminadas. La vulnerabilidad se debe a la presencia de una cuenta predeterminada documentada con una contraseña predeterminada no documentada y una configuración de permisos incorrecta para esa cuenta. El cambio de la contraseña predeterminada para esta cuenta no se aplica durante la instalación del producto. Un atacante podría aprovechar esta vulnerabilidad utilizando la cuenta para iniciar sesión en un sistema afectado. Una explotación exitosa podría permitir al atacante ejecutar comandos arbitrarios con los privilegios de la cuenta scpuser. Esto incluye acceso completo de lectura y escritura a la base de datos del sistema.", }, ], id: "CVE-2019-1935", lastModified: "2024-11-21T04:37:43.173", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.277", references: [ { source: "psirt@cisco.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", }, { source: "psirt@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { source: "psirt@cisco.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 4.0\(1c\)hs3 | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | encs_5100 | - | |
| cisco | encs_5400 | - | |
| cisco | ucs-e1120d-m3 | - | |
| cisco | ucs-e140s-m2 | - | |
| cisco | ucs-e160d-m2 | - | |
| cisco | ucs-e160s-m3 | - | |
| cisco | ucs-e168d-m2 | - | |
| cisco | ucs-e180d-m3 | - | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.", }, { lang: "es", value: "Una vulnerabilidad en la utilidad de configuración Importar Cisco IMC de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto autenticado cause una condición de denegación de servicio (DoS) e implemente comandos arbitrarios con privilegios de root en un dispositivo afectado. La vulnerabilidad se debe a una comprobación incorrecta de los límites por parte del proceso import-config. Un atacante podría aprovechar esta vulnerabilidad enviando paquetes maliciosos a un dispositivo afectado. Cuando se procesan los paquetes, puede ocurrir una condición de desbordamiento de búfer explotable. Una explotación exitosa podría permitir al atacante implementar código arbitrario en el dispositivo afectado con privilegios elevados.", }, ], id: "CVE-2019-1871", lastModified: "2024-11-21T04:37:34.953", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.480", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-20 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/97928 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97928 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | 3.0\(1c\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\):*:*:*:*:*:*:*", matchCriteriaId: "674BE7E5-FC1C-4083-B4D3-8C816239D0CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.", }, { lang: "es", value: "Una vulnerabilidad en la GUI basada en web de Cisco Integrated Management Controller (IMC) 3.0 (1c) podría permitir a un atacante remoto autenticado ejecutar código arbitrario en un sistema afectado. La vulnerabilidad existe porque el software afectado no desinfecta suficientemente los valores específicos que se reciben como parte de una solicitud HTTP proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad enviando una solicitud HTTP manipulada al software afectado. Una explotación exitosa podría permitir al atacante ejecutar código arbitrario con los privilegios del usuario en el sistema afectado. ID de errores de Cisco: CSCvd14578.", }, ], id: "CVE-2017-6616", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-20T22:59:00.793", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97928", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-06 17:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director_express_for_big_data | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "056F1E39-365A-4CAE-A0EA-E393019FEF60", versionEndExcluding: "2.2.1.3", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "631DC882-3FFB-4D7B-9A5D-9832DF4BBA56", versionEndExcluding: "6.7.4.0", versionStartIncluding: "5.4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "A16C6AD6-024C-49FC-9BA1-DC7A5096ED00", versionEndExcluding: "3.7.4.0", versionStartIncluding: "2.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.", }, { lang: "es", value: "Una vulnerabilidad en el control de acceso basado en roles del Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, y Cisco UCS Director Express for Big Data, podría permitir a un atacante remoto autenticado de solo lectura desactivar las cuentas de usuario sobre un sistema afectado. La vulnerabilidad es debido a una asignación incorrecta del botón de la acción habilitar/deshabilitar bajo el código de control de acceso basado en roles sobre un sistema afectado. Un atacante podría explotar esta vulnerabilidad autenticándose como un usuario de solo lectura y luego actualizando los roles de otros usuarios para deshabilitarlos. Una explotación con éxito podría permitir a un atacante deshabilitar a los usuarios, incluidos los usuarios administrativos.", }, ], id: "CVE-2020-3329", lastModified: "2024-11-21T05:30:48.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-06T17:15:13.963", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | 2.1.0.0 | |
| cisco | ucs_director | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | * | |
| cisco | ucs_director | 6.7\(1.1\) | |
| cisco | ucs_director | 6.7\(2.0\) | |
| cisco | ucs_director_express_for_big_data | * | |
| cisco | ucs_director_express_for_big_data | * | |
| cisco | ucs_director_express_for_big_data | * | |
| cisco | ucs_director_express_for_big_data | * | |
| cisco | ucs_director_express_for_big_data | 3.6.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.6.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "B97B4B36-28E2-4550-B766-BA10DE00A33D", versionEndIncluding: "2.2.0.6", versionStartIncluding: "2.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "512DAB16-F482-424A-AC39-69977B775AA4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "4261774A-C5C0-4FD7-A22F-0F692A0CA143", versionEndIncluding: "5.5.0.2", versionStartIncluding: "5.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "CA47EBCE-BC99-457A-9A92-99E1BE0CEC6C", versionEndIncluding: "6.0.1.3", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67EFEA-C5AE-48A9-AD08-946CD8528166", versionEndIncluding: "6.5.0.3", versionStartIncluding: "6.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "FE74A216-65E1-433A-80EB-FBC8B5D242C9", versionEndIncluding: "6.6.1.0", versionStartIncluding: "6.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "4E66FC72-9589-46A8-AC73-6A4A9BFE9FC1", versionEndIncluding: "6.7.2.0", versionStartIncluding: "6.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7\\(1.1\\):*:*:*:*:*:*:*", matchCriteriaId: "E190903F-390D-49F8-BB31-9A06E5AE4A89", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7\\(2.0\\):*:*:*:*:*:*:*", matchCriteriaId: "05FC8BF4-72DE-4B3F-980C-2A5C3BBE02B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "87D0F3ED-71E4-4E33-90A6-BC53CF3EFEAE", versionEndIncluding: "2.1.0.2", versionStartIncluding: "2.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "E730A2AE-2134-467E-8E9C-DEDAAEAE1606", versionEndIncluding: "3.0.1.3", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "D88093E6-0362-437E-8FEA-486A69F05A9E", versionEndIncluding: "3.5.0.3", versionStartIncluding: "3.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*", matchCriteriaId: "7317CA7D-B1A0-4F83-BA5F-6155459C8583", versionEndIncluding: "3.7.2.0", versionStartIncluding: "3.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "451ABC79-936F-469E-B1D8-ADB3EDCA52F3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6C918805-0026-4780-A8E2-8BC85A8F7282", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web del Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, y Cisco UCS Director Express for Big Data podría permitir que un atacante remoto no autenticado omita la autenticación del usuario y obtenga acceso como usuario administrativo. La vulnerabilidad se debe a una validación insuficiente del encabezado de la solicitud durante el proceso de autenticación. Un atacante podría aprovechar esta vulnerabilidad enviando una serie de solicitudes maliciosas a un dispositivo afectado. Un exploit podría permitir al atacante obtener acceso administrativo completo al dispositivo afectado.", }, ], id: "CVE-2019-1974", lastModified: "2024-11-21T04:37:48.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.607", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | 2.1.0.0 | |
| cisco | ucs_director | 6.0.0.0 | |
| cisco | ucs_director | 6.5.0.0 | |
| cisco | ucs_director | 6.6.0.0 | |
| cisco | ucs_director | 6.6.1.0 | |
| cisco | ucs_director | 6.7\(0.0.67265\) | |
| cisco | ucs_director | 6.7.0.0 | |
| cisco | ucs_director | 6.7.1.0 | |
| cisco | ucs_director_express_for_big_data | 3.0.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.5.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.6.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.7.0.0 | |
| cisco | ucs_director_express_for_big_data | 3.7.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "B97B4B36-28E2-4550-B766-BA10DE00A33D", versionEndIncluding: "2.2.0.6", versionStartIncluding: "2.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "512DAB16-F482-424A-AC39-69977B775AA4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F5F6460C-AD67-4B0A-A900-798E7A2A92C3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1DB174AA-261E-4252-AF4E-463EB72309D2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F95E9D60-7976-4CFB-B36B-0BC6675FA383", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4E99B2DD-0E27-42FE-AE41-BE9FE8E78D4F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7\\(0.0.67265\\):*:*:*:*:*:*:*", matchCriteriaId: "DDB592A9-56F6-422A-9698-09AFB96BE298", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "53FB8D53-BF77-443F-947A-79A6268CCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:6.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D16313A1-5D0B-4C91-B476-A9352A11AEE4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "93BE2DF4-CD88-407C-BDF6-ADD6001E3822", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8D361A6E-1F55-4CB0-97A3-A96042E7AFB8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "451ABC79-936F-469E-B1D8-ADB3EDCA52F3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D842353-38D3-4F67-BAAC-EFEBDA7511D6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "C4B9E1E3-F91D-4EB6-B7FA-8BC72DC38006", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director,y Cisco UCS Director Express for Big Data podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el shell Linux subyacente como raíz usuario. La explotación de esta vulnerabilidad requiere acceso privilegiado a un dispositivo afectado. La vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario por la interfaz de administración basada en la web. Un atacante podría aprovechar esta vulnerabilidad iniciando sesión en la interfaz de administración basada en la web con privilegios de administrador y luego enviando una solicitud maliciosa a cierta parte de la interfaz.", }, ], id: "CVE-2019-1936", lastModified: "2024-11-21T04:37:43.317", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.357", references: [ { source: "psirt@cisco.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { source: "psirt@cisco.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, { source: "psirt@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { source: "psirt@cisco.com", tags: [ "Broken Link", "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "416F7C96-3EF0-4B6D-B414-3FC0D0848144", versionEndExcluding: "2.0\\(13o\\)", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.", }, { lang: "es", value: "Una vulnerabilidad en la implementación de la Interfaz de administración de plataforma inteligente (IPMI) de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto no autenticado vea información confidencial del sistema. La vulnerabilidad se debe a restricciones de seguridad insuficientes impuestas por el software afectado. Una explotación exitosa podría permitir al atacante ver información confidencial que pertenece a otros usuarios. El atacante podría usar esta información para realizar ataques adicionales.", }, ], id: "CVE-2019-1908", lastModified: "2024-11-21T04:37:39.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:15.230", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-09-04 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1033451 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033451 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | * | |
| cisco | unified_computing_system_director | * | |
| cisco | unified_computing_system_director | 3.4_base | |
| cisco | unified_computing_system_director | 4.0_base | |
| cisco | unified_computing_system_director | 4.1_base | |
| cisco | unified_computing_system_director | 5.0.0.0 | |
| cisco | unified_computing_system_director | 5.0.0.1 | |
| cisco | unified_computing_system_director | 5.0.0.2 | |
| cisco | unified_computing_system_director | 5.0.0.3 | |
| cisco | unified_computing_system_director | 5.1.0.0 | |
| cisco | unified_computing_system_director | 5.1.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "EEE833A0-15CD-4E52-887A-B43D0445C6A1", versionEndIncluding: "1.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:*:*:*:*:*:*:*:*", matchCriteriaId: "43725884-78A2-48E5-8349-636644D3DE1C", versionEndIncluding: "5.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:3.4_base:*:*:*:*:*:*:*", matchCriteriaId: "D2D005C2-5EAA-49F7-9643-7D4C4D27B55F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:4.0_base:*:*:*:*:*:*:*", matchCriteriaId: "C082DA66-1504-4C9A-B00A-EBFA8DAFF45D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:4.1_base:*:*:*:*:*:*:*", matchCriteriaId: "436848BD-5172-4335-B2F3-1BE993BA027A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "292F0AA6-7A1F-4572-BDA7-C32C5981AA01", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "74AEADFB-3F10-4067-AB45-3D4FD5851852", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F4CA0CB6-AFF6-42B7-BD4E-70A0E8B68E8C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "921B6760-196B-4B5E-9CF8-534D1122075F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D465BFA-A438-4B1A-8D6A-C017F75F3DA2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DE8C5F5-B255-44FF-BB13-D57A548113A4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.", }, { lang: "es", value: "Vulnerabilidad en el componente JavaServer Pages (JSP) en Cisco Integrated Management Controller (IMC) Supervisor en versiones anteriores a 1.0.0.1 y UCS Director (anteriormente Cloupia Unified Infrastructure Controller) en versiones anteriores a 5.2.0.1, permite a atacantes remotos escribir en archivos arbitrarios a través de peticiones HTTP manipuladas, también conocida como Bug IDs CSCus36435 y CSCus62625.", }, ], id: "CVE-2015-6259", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.4, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:N/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-09-04T01:59:02.910", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033451", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033451", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 4.0\(1c\)hs3 | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | encs_5100 | - | |
| cisco | encs_5400 | - | |
| cisco | ucs-e1120d-m3 | - | |
| cisco | ucs-e140s-m2 | - | |
| cisco | ucs-e160d-m2 | - | |
| cisco | ucs-e160s-m3 | - | |
| cisco | ucs-e168d-m2 | - | |
| cisco | ucs-e180d-m3 | - | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - | |
| cisco | integrated_management_controller_supervisor | * | |
| cisco | encs_5100 | - | |
| cisco | encs_5400 | - | |
| cisco | ucs-e1120d-m3 | - | |
| cisco | ucs-e140s-m2 | - | |
| cisco | ucs-e160d-m2 | - | |
| cisco | ucs-e160s-m3 | - | |
| cisco | ucs-e168d-m2 | - | |
| cisco | ucs-e180d-m3 | - | |
| cisco | ucs_c125_m5 | - | |
| cisco | ucs_c4200 | - | |
| cisco | ucs_s3260 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", matchCriteriaId: "39F8601E-730B-489B-AD2A-FD10FAF28595", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "0056011A-04F0-4185-8EE7-B1B30CAAA863", versionEndExcluding: "3.0\\(4k\\)", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", versionEndExcluding: "4.0\\(4b\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "F5549F4C-CF65-4F22-9675-EFAA99964CA0", versionEndExcluding: "4.0\\(2f\\)", versionStartIncluding: "4.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*", matchCriteriaId: "678F3A32-372A-441E-8115-95181FBAF628", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*", matchCriteriaId: "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "DF77273F-73C0-40EB-BB4E-75269D46F074", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "757958F5-F58C-4128-B128-D989A56ACA34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "F62D6B73-1AB7-4B93-A92E-275E78DF114C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "A0E6AAD9-824C-4126-8347-2FF1895E6D33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e168d-m2:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD31E5A-518C-482F-A926-383ADCC7015E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", matchCriteriaId: "155D990F-C7DA-48DD-92CC-18542DBBE572", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de línea de comandos de Cisco Integrated Management Controller (IMC) podría permitir que un atacante local autenticado con credenciales de solo lectura inyecte comandos arbitrarios que podrían permitirles obtener privilegios de root. La vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario en la interfaz de línea de comandos. Un atacante podría aprovechar esta vulnerabilidad autenticándose con privilegios de solo lectura a través de la CLI de un dispositivo afectado y enviando una entrada diseñada a los comandos afectados. Una explotación exitosa podría permitir a un atacante ejecutar comandos arbitrarios en el dispositivo con privilegios de root.", }, ], id: "CVE-2019-1883", lastModified: "2024-11-21T04:37:36.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:14.637", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-20 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/97927 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97927 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | integrated_management_controller_supervisor | 3.0\(1c\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\):*:*:*:*:*:*:*", matchCriteriaId: "674BE7E5-FC1C-4083-B4D3-8C816239D0CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.", }, { lang: "es", value: "Una vulnerabilidad en la GUI basada en web de Cisco Integrated Management Controller (IMC) 3.0 (1c) podría permitir a un atacante remoto autenticado realizar un ataque XSS. La vulnerabilidad se debe a una validación insuficiente de la entrada suministrada por el usuario por el software afectado. Un atacante podría explotar esta vulnerabilidad persuadiendo a un usuario autenticado de la GUI basada en web en un sistema afectado a seguir un enlace malicioso. Una explotación exitosa podría permitir al atacante ejecutar código arbitrario en el contexto de la GUI basada en web del sistema afectado. Cisco Bug IDs: CSCvd14587.", }, ], id: "CVE-2017-6618", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-20T22:59:00.853", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97927", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-12634
Vulnerability from cvelistv5
Published
2019-08-21 18:05
Modified
2024-11-19 19:01
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director |
Version: unspecified < 6.7.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:39.160Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-12634", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T17:23:27.454497Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T19:01:05.058Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System Director", vendor: "Cisco", versions: [ { lessThan: "6.7.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-264", description: "CWE-264", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:05:15", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos", }, ], source: { advisory: "cisco-sa-20190821-ucs-imc-dos", defect: [ [ "CSCvq89223", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-12634", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System Director", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.7.3.0", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.6", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-264", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos", }, ], }, source: { advisory: "cisco-sa-20190821-ucs-imc-dos", defect: [ [ "CSCvq89223", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-12634", datePublished: "2019-08-21T18:05:15.489872Z", dateReserved: "2019-06-04T00:00:00", dateUpdated: "2024-11-19T19:01:05.058Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1885
Vulnerability from cvelistv5
Published
2019-08-21 18:20
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Management Software) |
Version: unspecified < 3.0(4k) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:51.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1885", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:19.323055Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:11:38.910Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System (Management Software)", vendor: "Cisco", versions: [ { lessThan: "3.0(4k)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:20:33", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc", }, ], source: { advisory: "cisco-sa-20190821-ucs-cimc", defect: [ [ "CSCvo01180", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1885", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System (Management Software)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "3.0(4k)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc", }, ], }, source: { advisory: "cisco-sa-20190821-ucs-cimc", defect: [ [ "CSCvo01180", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1885", datePublished: "2019-08-21T18:20:33.442947Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:11:38.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1883
Vulnerability from cvelistv5
Published
2019-08-21 18:20
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 3.0(4k) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:50.734Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller CLI Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1883", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:15.679102Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:11:30.718Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "3.0(4k)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:20:38", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller CLI Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject", }, ], source: { advisory: "cisco-sa-20190821-cimc-cli-inject", defect: [ [ "CSCvo35996", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller CLI Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1883", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller CLI Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "3.0(4k)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.0", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller CLI Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject", }, ], }, source: { advisory: "cisco-sa-20190821-cimc-cli-inject", defect: [ [ "CSCvo35996", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1883", datePublished: "2019-08-21T18:20:38.194916Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:11:30.718Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1907
Vulnerability from cvelistv5
Published
2019-08-21 18:25
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Management Software) |
Version: unspecified < 4.0(2f) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:52.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1907", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:03.383761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:11:11.729Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System (Management Software)", vendor: "Cisco", versions: [ { lessThan: "4.0(2f)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:25:32", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal", }, ], source: { advisory: "cisco-sa-20190821-imc-privescal", defect: [ [ "CSCvo36080", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1907", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System (Management Software)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0(2f)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-285", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal", }, ], }, source: { advisory: "cisco-sa-20190821-imc-privescal", defect: [ [ "CSCvo36080", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1907", datePublished: "2019-08-21T18:25:32.810719Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:11:11.729Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1871
Vulnerability from cvelistv5
Published
2019-08-21 18:15
Modified
2024-11-20 17:12
Severity ?
EPSS score ?
Summary
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Management Software) |
Version: unspecified < 3.0(4k) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Buffer Overflow Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1871", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:28.002599Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:12:13.465Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System (Management Software)", vendor: "Cisco", versions: [ { lessThan: "3.0(4k)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:15:13", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Buffer Overflow Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo", }, ], source: { advisory: "cisco-sa-20190821-imc-bo", defect: [ [ "CSCvo36122", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Buffer Overflow Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1871", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Buffer Overflow Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System (Management Software)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "3.0(4k)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Buffer Overflow Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo", }, ], }, source: { advisory: "cisco-sa-20190821-imc-bo", defect: [ [ "CSCvo36122", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1871", datePublished: "2019-08-21T18:15:13.566393Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:12:13.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1937
Vulnerability from cvelistv5
Published
2019-08-21 18:25
Modified
2024-09-16 22:52
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director |
Version: unspecified < 6.7.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:51.886Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Unified Computing System Director", vendor: "Cisco", versions: [ { lessThan: "6.7.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-17T00:00:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html", }, ], source: { advisory: "cisco-sa-20190821-imcs-ucs-authby", defect: [ [ "CSCvp19229", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1937", datePublished: "2019-08-21T18:25:13.293304Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-09-16T22:52:10.450Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6399
Vulnerability from cvelistv5
Published
2015-12-15 02:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/79031 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038475 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/108851 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:21.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20151211 Cisco Integrated Management Controller Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc", }, { name: "79031", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/79031", }, { name: "1038475", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038475", }, { name: "108851", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108851", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-11T00:00:00", descriptions: [ { lang: "en", value: "The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-21T11:06:06", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20151211 Cisco Integrated Management Controller Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc", }, { name: "79031", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/79031", }, { name: "1038475", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038475", }, { name: "108851", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108851", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2015-6399", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20151211 Cisco Integrated Management Controller Denial of Service Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc", }, { name: "79031", refsource: "BID", url: "http://www.securityfocus.com/bid/79031", }, { name: "1038475", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038475", }, { name: "108851", refsource: "BID", url: "http://www.securityfocus.com/bid/108851", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2015-6399", datePublished: "2015-12-15T02:00:00", dateReserved: "2015-08-17T00:00:00", dateUpdated: "2024-08-06T07:22:21.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0149
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:05
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104444 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041072 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown |
Version: Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:14:16.922Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs", }, { name: "104444", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104444", }, { name: "1041072", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041072", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0149", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:37:53.331019Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T15:05:19.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown", }, ], }, ], datePublic: "2018-06-07T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-14T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs", }, { name: "104444", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104444", }, { name: "1041072", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041072", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0149", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown", version: { version_data: [ { version_value: "Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs", }, { name: "104444", refsource: "BID", url: "http://www.securityfocus.com/bid/104444", }, { name: "1041072", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041072", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0149", datePublished: "2018-06-07T21:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T15:05:19.705Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6619
Vulnerability from cvelistv5
Published
2017-04-20 22:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97925 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Integrated Management Controller |
Version: Cisco Integrated Management Controller |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:33:20.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97925", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97925", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Integrated Management Controller", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Integrated Management Controller", }, ], }, ], datePublic: "2017-04-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "97925", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97925", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-6619", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Integrated Management Controller", version: { version_data: [ { version_value: "Cisco Integrated Management Controller", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "97925", refsource: "BID", url: "http://www.securityfocus.com/bid/97925", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-6619", datePublished: "2017-04-20T22:00:00", dateReserved: "2017-03-09T00:00:00", dateUpdated: "2024-08-05T15:33:20.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1936
Vulnerability from cvelistv5
Published
2019-08-21 18:25
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj | vendor-advisory, x_refsource_CISCO | |
| https://seclists.org/bugtraq/2019/Aug/49 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Aug/36 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director |
Version: unspecified < 6.7.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:51.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:07.103028Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:11:20.795Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System Director", vendor: "Cisco", versions: [ { lessThan: "6.7.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-02T20:06:04", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, ], source: { advisory: "cisco-sa-20190821-imcs-ucs-cmdinj", defect: [ [ "CSCvp19245", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1936", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System Director", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.7.3.0", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/49", }, { name: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { name: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html", }, ], }, source: { advisory: "cisco-sa-20190821-imcs-ucs-cmdinj", defect: [ [ "CSCvp19245", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1936", datePublished: "2019-08-21T18:25:18.494376Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:11:20.795Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1935
Vulnerability from cvelistv5
Published
2019-08-21 18:25
Modified
2024-11-19 19:00
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred | vendor-advisory, x_refsource_CISCO | |
| https://seclists.org/bugtraq/2019/Aug/49 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Aug/36 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director |
Version: unspecified < 6.7.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:51.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1935", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T17:21:12.535358Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T19:00:31.792Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System Director", vendor: "Cisco", versions: [ { lessThan: "6.7.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "CWE-798", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-02T20:06:05", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/49", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", }, ], source: { advisory: "cisco-sa-20190821-imcs-usercred", defect: [ [ "CSCvp19251", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1935", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System Director", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.7.3.0", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "9.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-798", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", }, { name: "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/49", }, { name: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", }, { name: "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/36", }, { name: "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", }, ], }, source: { advisory: "cisco-sa-20190821-imcs-usercred", defect: [ [ "CSCvp19251", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1935", datePublished: "2019-08-21T18:25:23.444802Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-19T19:00:31.792Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1850
Vulnerability from cvelistv5
Published
2019-08-21 18:10
Modified
2024-11-20 17:12
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 3.0(4k) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.888Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1850", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:41.663083Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:12:38.937Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "3.0(4k)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:10:12", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850", }, ], source: { advisory: "cisco-sa-20190821-imc-cmdinj-1850", defect: [ [ "CSCvn20998", "CSCvq09455", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1850", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "3.0(4k)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850", }, ], }, source: { advisory: "cisco-sa-20190821-imc-cmdinj-1850", defect: [ [ "CSCvn20998", "CSCvq09455", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1850", datePublished: "2019-08-21T18:10:12.499597Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:12:38.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6617
Vulnerability from cvelistv5
Published
2017-04-20 22:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97929 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Integrated Management Controller |
Version: Cisco Integrated Management Controller |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:33:20.434Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97929", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97929", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Integrated Management Controller", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Integrated Management Controller", }, ], }, ], datePublic: "2017-04-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "97929", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97929", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-6617", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Integrated Management Controller", version: { version_data: [ { version_value: "Cisco Integrated Management Controller", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-287", }, ], }, ], }, references: { reference_data: [ { name: "97929", refsource: "BID", url: "http://www.securityfocus.com/bid/97929", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-6617", datePublished: "2017-04-20T22:00:00", dateReserved: "2017-03-09T00:00:00", dateUpdated: "2024-08-05T15:33:20.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1863
Vulnerability from cvelistv5
Published
2019-08-21 18:15
Modified
2024-11-21 19:15
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 2.0(13o) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:43.087Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1863", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T18:57:15.263803Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T19:15:47.750Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "2.0(13o)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:15:28", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege", }, ], source: { advisory: "cisco-sa-20190821-imc-privilege", defect: [ [ "CSCvn21011", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Privilege Escalation Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1863", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Privilege Escalation Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "2.0(13o)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "6.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-285", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Privilege Escalation Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege", }, ], }, source: { advisory: "cisco-sa-20190821-imc-privilege", defect: [ [ "CSCvn21011", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1863", datePublished: "2019-08-21T18:15:28.776867Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-21T19:15:47.750Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1864
Vulnerability from cvelistv5
Published
2019-08-21 18:15
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 2.0(13o) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1864", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:23.399396Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:11:55.287Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "2.0(13o)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:15:23", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864", }, ], source: { advisory: "cisco-sa-20190821-imc-cmdinj-1864", defect: [ [ "CSCvn21003", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1864", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "2.0(13o)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864", }, ], }, source: { advisory: "cisco-sa-20190821-imc-cmdinj-1864", defect: [ [ "CSCvn21003", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1864", datePublished: "2019-08-21T18:15:23.313073Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:11:55.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1865
Vulnerability from cvelistv5
Published
2019-08-21 18:15
Modified
2024-11-20 17:12
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 2.0(13o) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1865", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:26.018979Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:12:05.135Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "2.0(13o)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:15:18", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865", }, ], source: { advisory: "cisco-sa-20190821-imc-cmdinj-1865", defect: [ [ "CSCvn20993", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1865", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "2.0(13o)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865", }, ], }, source: { advisory: "cisco-sa-20190821-imc-cmdinj-1865", defect: [ [ "CSCvn20993", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1865", datePublished: "2019-08-21T18:15:18.639880Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:12:05.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1908
Vulnerability from cvelistv5
Published
2019-08-21 18:25
Modified
2024-11-19 19:00
Severity ?
EPSS score ?
Summary
A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Management Software) |
Version: unspecified < 3.0(4k) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:52.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1908", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T17:23:23.161578Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T19:00:21.605Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System (Management Software)", vendor: "Cisco", versions: [ { lessThan: "3.0(4k)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:25:28", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc", }, ], source: { advisory: "cisco-sa-20190821-imc-infodisc", defect: [ [ "CSCvo36096", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Information Disclosure Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1908", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Information Disclosure Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System (Management Software)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "3.0(4k)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc", }, ], }, source: { advisory: "cisco-sa-20190821-imc-infodisc", defect: [ [ "CSCvo36096", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1908", datePublished: "2019-08-21T18:25:28.253997Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-19T19:00:21.605Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44228
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2025-02-04 14:25
Severity ?
EPSS score ?
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Version: 2.0-beta9 < log4j-core* |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:17:24.696Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { name: "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { name: "FEDORA-2021-f0f501d01f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { name: "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { name: "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { name: "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { name: "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { name: "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { tags: [ "x_transferred", ], url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { tags: [ "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { name: "FEDORA-2021-66d6c484f3", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { tags: [ "x_transferred", ], url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { name: "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { tags: [ "x_transferred", ], url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { tags: [ "x_transferred", ], url: "https://github.com/cisagov/log4j-affected-db", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213189", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { tags: [ "x_transferred", ], url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { name: "20220721 Open-Xchange Security Advisory 2022-07-21", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { name: "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-44228", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T14:25:34.416117Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44228", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-02-04T14:25:37.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Log4j2", vendor: "Apache Software Foundation", versions: [ { changes: [ { at: "2.3.1", status: "unaffected", }, { at: "2.4", status: "affected", }, { at: "2.12.2", status: "unaffected", }, { at: "2.13.0", status: "affected", }, { at: "2.15.0", status: "unaffected", }, ], lessThan: "log4j-core*", status: "affected", version: "2.0-beta9", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.", }, ], descriptions: [ { lang: "en", value: "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", }, ], metrics: [ { other: { content: { other: "critical", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-03T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { name: "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { name: "FEDORA-2021-f0f501d01f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { name: "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2", tags: [ "vendor-advisory", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { name: "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { name: "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { name: "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { name: "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "VU#930724", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { name: "FEDORA-2021-66d6c484f3", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { name: "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { url: "https://github.com/cisagov/log4j-affected-db", }, { url: "https://support.apple.com/kb/HT213189", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { name: "20220721 Open-Xchange Security Advisory 2022-07-21", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { name: "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-44228", datePublished: "2021-12-10T00:00:00.000Z", dateReserved: "2021-11-26T00:00:00.000Z", dateUpdated: "2025-02-04T14:25:37.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1896
Vulnerability from cvelistv5
Published
2019-08-21 18:20
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 3.0(4k) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:51.570Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1896", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:21.918460Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:11:47.410Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "3.0(4k)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:20:28", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896", }, ], source: { advisory: "cisco-sa-20190821-imc-cmdinject-1896", defect: [ [ "CSCvo36057", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1896", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "3.0(4k)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896", }, ], }, source: { advisory: "cisco-sa-20190821-imc-cmdinject-1896", defect: [ [ "CSCvo36057", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1896", datePublished: "2019-08-21T18:20:28.706884Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:11:47.410Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6616
Vulnerability from cvelistv5
Published
2017-04-20 22:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97928 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Integrated Management Controller |
Version: Cisco Integrated Management Controller |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:33:20.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3", }, { name: "97928", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97928", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Integrated Management Controller", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Integrated Management Controller", }, ], }, ], datePublic: "2017-04-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3", }, { name: "97928", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97928", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-6616", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Integrated Management Controller", version: { version_data: [ { version_value: "Cisco Integrated Management Controller", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3", }, { name: "97928", refsource: "BID", url: "http://www.securityfocus.com/bid/97928", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-6616", datePublished: "2017-04-20T22:00:00", dateReserved: "2017-03-09T00:00:00", dateUpdated: "2024-08-05T15:33:20.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1974
Vulnerability from cvelistv5
Published
2019-08-21 18:30
Modified
2024-11-19 18:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director |
Version: unspecified < 6.7.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:52.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1974", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T17:21:11.254332Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T18:59:04.565Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System Director", vendor: "Cisco", versions: [ { lessThan: "6.7.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:30:19", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass", }, ], source: { advisory: "cisco-sa-20190821-imcs-ucs-authbypass", defect: [ [ "CSCvq48630", ], ], discovery: "INTERNAL", }, title: "Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1974", STATE: "PUBLIC", TITLE: "Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System Director", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.7.3.0", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "9.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-287", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass", }, ], }, source: { advisory: "cisco-sa-20190821-imcs-ucs-authbypass", defect: [ [ "CSCvq48630", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1974", datePublished: "2019-08-21T18:30:19.438155Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-19T18:59:04.565Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3329
Vulnerability from cvelistv5
Published
2020-05-06 16:40
Modified
2024-11-15 17:26
Severity ?
EPSS score ?
Summary
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco UCS Director |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:30:57.873Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200506 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3329", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:28:45.810858Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T17:26:11.223Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco UCS Director", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-05-06T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-06T16:40:51", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200506 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz", }, ], source: { advisory: "cisco-sa-ucsd-Ar6BAguz", defect: [ [ "CSCvs11314", "CSCvs35506", "CSCvs35510", ], ], discovery: "INTERNAL", }, title: "Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-05-06T16:00:00-0700", ID: "CVE-2020-3329", STATE: "PUBLIC", TITLE: "Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco UCS Director", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "4.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284", }, ], }, ], }, references: { reference_data: [ { name: "20200506 Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz", }, ], }, source: { advisory: "cisco-sa-ucsd-Ar6BAguz", defect: [ [ "CSCvs11314", "CSCvs35506", "CSCvs35510", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3329", datePublished: "2020-05-06T16:40:52.049088Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T17:26:11.223Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1900
Vulnerability from cvelistv5
Published
2019-08-21 18:20
Modified
2024-11-19 19:00
Severity ?
EPSS score ?
Summary
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Management Software) |
Version: unspecified < 4.0(2f) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:50.821Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1900", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T17:23:24.745341Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T19:00:42.017Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System (Management Software)", vendor: "Cisco", versions: [ { lessThan: "4.0(2f)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:20:18", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos", }, ], source: { advisory: "cisco-sa-20190821-imc-dos", defect: [ [ "CSCvo36063", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1900", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System (Management Software)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0(2f)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos", }, ], }, source: { advisory: "cisco-sa-20190821-imc-dos", defect: [ [ "CSCvo36063", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1900", datePublished: "2019-08-21T18:20:18.852172Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-19T19:00:42.017Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6259
Vulnerability from cvelistv5
Published
2015-09-04 01:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033451 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:15:13.313Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20150902 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs", }, { name: "1033451", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033451", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-02T00:00:00", descriptions: [ { lang: "en", value: "The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-20T16:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20150902 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs", }, { name: "1033451", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033451", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2015-6259", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20150902 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs", }, { name: "1033451", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033451", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2015-6259", datePublished: "2015-09-04T01:00:00", dateReserved: "2015-08-17T00:00:00", dateUpdated: "2024-08-06T07:15:13.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6618
Vulnerability from cvelistv5
Published
2017-04-20 22:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97927 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Integrated Management Controller |
Version: Cisco Integrated Management Controller |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:33:20.448Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97927", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97927", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Integrated Management Controller", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Integrated Management Controller", }, ], }, ], datePublic: "2017-04-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-21T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "97927", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97927", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-6618", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Integrated Management Controller", version: { version_data: [ { version_value: "Cisco Integrated Management Controller", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "97927", refsource: "BID", url: "http://www.securityfocus.com/bid/97927", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-6618", datePublished: "2017-04-20T22:00:00", dateReserved: "2017-03-09T00:00:00", dateUpdated: "2024-08-05T15:33:20.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1634
Vulnerability from cvelistv5
Published
2019-08-21 18:10
Modified
2024-11-20 17:12
Severity ?
EPSS score ?
Summary
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Version: unspecified < 2.0(13o) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:28.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1634", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:52:32.268721Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:12:22.326Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System E-Series Software (UCSE)", vendor: "Cisco", versions: [ { lessThan: "2.0(13o)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:10:22", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634", }, ], source: { advisory: "cisco-sa-20190821-imc-cmdinject-1634", defect: [ [ "CSCvo35971", ], ], discovery: "INTERNAL", }, title: "Cisco Integrated Management Controller Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-1634", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System E-Series Software (UCSE)", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "2.0(13o)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco Integrated Management Controller Command Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634", }, ], }, source: { advisory: "cisco-sa-20190821-imc-cmdinject-1634", defect: [ [ "CSCvo35971", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1634", datePublished: "2019-08-21T18:10:22.475514Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:12:22.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15404
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:32
Severity ?
EPSS score ?
Summary
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:54:03.452Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20181003 Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-15404", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T18:47:59.220222Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T14:32:07.570Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Unified Computing System Director", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-10-03T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-399", description: "CWE-399", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-05T13:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20181003 Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos", }, ], source: { advisory: "cisco-sa-20181003-imcs-ucsd-dos", defect: [ [ "CSCvj95431", "CSCvk10284", ], ], discovery: "UNKNOWN", }, title: "Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2018-10-03T16:00:00-0500", ID: "CVE-2018-15404", STATE: "PUBLIC", TITLE: "Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Unified Computing System Director", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.", }, ], }, impact: { cvss: { baseScore: "6.5", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-399", }, ], }, ], }, references: { reference_data: [ { name: "20181003 Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos", }, ], }, source: { advisory: "cisco-sa-20181003-imcs-ucsd-dos", defect: [ [ "CSCvj95431", "CSCvk10284", ], ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-15404", datePublished: "2018-10-05T14:00:00Z", dateReserved: "2018-08-17T00:00:00", dateUpdated: "2024-11-26T14:32:07.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }