21/8/2019
19/11/2024
CVE-2019-12634: Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
First published: Wed Aug 21 2019
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Integrated Management Controller Supervisor | >=2.2.0.3, <=2.2.0.6 | |
Cisco UCS Director | >=6.7.0.0, <=6.7.2.0 | |
Cisco UCS Director | =6.6.0.0 | |
Cisco UCS Director | =6.6.1.0 | |
Cisco UCS Director Express for Big Data | >=3.7.0.0, <=3.7.2.0 | |
Cisco UCS Director Express for Big Data | =3.6.0.0 | |
Cisco UCS Director Express for Big Data | =3.6.1.0 | |
Frequently Asked Questions
What is CVE-2019-12634?
CVE-2019-12634 is a vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.
How does CVE-2019-12634 affect Cisco Integrated Management Controller Supervisor?
CVE-2019-12634 affects Cisco Integrated Management Controller Supervisor versions 2.2.0.3 to 2.2.0.6.
How does CVE-2019-12634 affect Cisco UCS Director?
CVE-2019-12634 affects Cisco UCS Director versions 6.7.0.0 to 6.7.2.0.
How does CVE-2019-12634 affect Cisco UCS Director Express for Big Data?
CVE-2019-12634 affects Cisco UCS Director Express for Big Data versions 3.7.0.0 to 3.7.2.0.
What is the severity of CVE-2019-12634?
CVE-2019-12634 has a severity rating of 7.5 (High).
How can I fix CVE-2019-12634?
To fix CVE-2019-12634, Cisco has released software updates for the affected products. It is recommended to update to the latest available version.