vulnerability

Cisco UCS Device: Missing Authentication for Critical Function (CVE-2019-1629)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jun 20, 2019	Sep 25, 2019	Sep 25, 2019

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jun 20, 2019

Added

Sep 25, 2019

Modified

Sep 25, 2019

Description

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.

Solutions

cisco-ucs-device-upgrade-3_1-3icisco-ucs-device-upgrade-4_0-4c

References

BID-108852
CVE-2019-1629
https://attackerkb.com/topics/CVE-2019-1629
URL-http://www.securityfocus.com/bid/108852
URL-https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-filewrite

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today