CVE-2019-1863: Cisco Integrated Management Controller Privilege Escalation Vulnerability
First published: Wed Aug 21 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System | =4.0\(1c\)hs3 | |
| Cisco Integrated Management Controller Supervisor | >=1.5.0.0<1.5\(9g\) | |
| Cisco Integrated Management Controller Supervisor | >=2.0.0.0<2.0\(13o\) | |
| Cisco Integrated Management Controller Supervisor | >=3.0.0.0<3.0\(4k\) | |
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(4b\) | |
| Cisco Encs 5100 | ||
| Cisco Encs 5400 | ||
| Cisco Ucs-e1120d-m3 | ||
| Cisco Ucs-e140s-m2 | ||
| Cisco Ucs-e160d-m2 | ||
| Cisco Ucs-e160s-m3 | ||
| Cisco Ucs-e168d-m2 | ||
| Cisco Ucs-e180d-m3 | ||
| Cisco Ucs C125 M5 | ||
| Cisco Ucs C4200 | ||
| Cisco Ucs S3260 | ||
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(1d\) | |
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(2c\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1863?
CVE-2019-1863 is a vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software that could allow an authenticated, remote attacker to make unauthorized changes to the system configuration.
How severe is CVE-2019-1863?
CVE-2019-1863 has a severity rating of 8.1 (critical).
Which systems are affected by CVE-2019-1863?
CVE-2019-1863 affects Cisco Unified Computing System (UCS) versions 4.0(1c)hs3, Cisco Integrated Management Controller Supervisor versions 1.5.0.0 to 1.5(9g), 2.0.0.0 to 2.0(13o), 3.0.0.0 to 3.0(4k), and 4.0.0.0 to 4.0(4b).
How do I fix CVE-2019-1863?
To fix CVE-2019-1863, Cisco recommends upgrading to a fixed software release as mentioned in the Cisco Security Advisory.
Where can I find more information about CVE-2019-1863?
You can find more information about CVE-2019-1863 in the Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco unified computing system
- version/cisco unified computing system/4.0\(1c\)hs3
- canonical/cisco integrated management controller supervisor
- version/cisco integrated management controller supervisor/1.5.0.0
- version/cisco integrated management controller supervisor/2.0.0.0
- version/cisco integrated management controller supervisor/3.0.0.0
- version/cisco integrated management controller supervisor/4.0.0.0
- canonical/cisco encs 5100
- canonical/cisco encs 5400
- canonical/cisco ucs-e1120d-m3
- canonical/cisco ucs-e140s-m2
- canonical/cisco ucs-e160d-m2
- canonical/cisco ucs-e160s-m3
- canonical/cisco ucs-e168d-m2
- canonical/cisco ucs-e180d-m3
- canonical/cisco ucs c125 m5
- canonical/cisco ucs c4200
- canonical/cisco ucs s3260