vulnerability
Cisco UCS Device: Missing Authentication for Critical Function (CVE-2019-1629)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jun 20, 2019 | Sep 25, 2019 | Sep 25, 2019 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Jun 20, 2019
Added
Sep 25, 2019
Modified
Sep 25, 2019
Description
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.
Solutions
cisco-ucs-device-upgrade-3_1-3icisco-ucs-device-upgrade-4_0-4c
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.