Rapid7 Vulnerability & Exploit Database

Cisco UCS Device: Missing Authentication for Critical Function (CVE-2019-1629)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 06/20/2019
Created: 09/26/2019
Added: 09/25/2019
Modified: 09/25/2019

Description

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.

Solution(s)

  • cisco-ucs-device-upgrade-3_1-3i
  • cisco-ucs-device-upgrade-4_0-4c
