CVE-2019-1900: Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability
First published: Wed Aug 21 2019(Updated: )
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System | =4.0\(1c\)hs3 | |
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(2f\) | |
| Cisco Ucs C125 M5 | ||
| Cisco Ucs C4200 | ||
| Cisco Ucs S3260 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1900?
CVE-2019-1900 is a vulnerability in the web server of Cisco Integrated Management Controller (IMC) that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
How does CVE-2019-1900 impact Cisco Unified Computing System?
Cisco Unified Computing System version 4.0(1c)hs3 is affected by CVE-2019-1900, which could cause the web server process to crash and result in a denial of service (DoS) condition.
How does CVE-2019-1900 impact Cisco Integrated Management Controller Supervisor?
Cisco Integrated Management Controller Supervisor versions between 4.0.0.0 and 4.0(2f) are affected by CVE-2019-1900, which could cause the web server process to crash and result in a denial of service (DoS) condition.
Is Cisco Ucs C125 M5 vulnerable to CVE-2019-1900?
No, Cisco Ucs C125 M5 is not vulnerable to CVE-2019-1900.
Is Cisco Ucs C4200 vulnerable to CVE-2019-1900?
No, Cisco Ucs C4200 is not vulnerable to CVE-2019-1900.
Is Cisco Ucs S3260 vulnerable to CVE-2019-1900?
No, Cisco Ucs S3260 is not vulnerable to CVE-2019-1900.
How can I fix CVE-2019-1900?
Cisco has released a security advisory with the necessary patches and mitigations for CVE-2019-1900. You should update your affected systems with the latest available patches to mitigate this vulnerability.
Where can I find more information about CVE-2019-1900?
You can find more information about CVE-2019-1900 on the Cisco Security Advisory page at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/cisco
- canonical/cisco unified computing system
- version/cisco unified computing system/4.0\(1c\)hs3
- canonical/cisco integrated management controller supervisor
- version/cisco integrated management controller supervisor/4.0.0.0
- canonical/cisco ucs c125 m5
- canonical/cisco ucs c4200
- canonical/cisco ucs s3260