8.6
CVE-2019-12634
- EPSS 1.22%
- Published 21.08.2019 19:15:13
- Last modified 21.11.2024 04:23:13
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Integrated Management Controller Supervisor Version >= 2.2.0.3 <= 2.2.0.6
Cisco ≫ Ucs Director Version >= 6.7.0.0 <= 6.7.2.0
Cisco ≫ Ucs Director Version6.6.0.0
Cisco ≫ Ucs Director Version6.6.1.0
Cisco ≫ Ucs Director Express For Big Data Version >= 3.7.0.0 <= 3.7.2.0
Cisco ≫ Ucs Director Express For Big Data Version3.6.0.0
Cisco ≫ Ucs Director Express For Big Data Version3.6.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.771 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 8.6 | 3.9 | 4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.