CVE-2019-1908: Cisco Integrated Management Controller Information Disclosure Vulnerability
First published: Wed Aug 21 2019(Updated: )
A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System | =4.0\(1c\)hs3 | |
| Cisco Integrated Management Controller Supervisor | >=2.0.0.0<2.0\(13o\) | |
| Cisco Integrated Management Controller Supervisor | >=3.0.0.0<3.0\(4k\) | |
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(4b\) | |
| Cisco Ucs C125 M5 | ||
| Cisco Ucs C4200 | ||
| Cisco Ucs S3260 | ||
| Cisco Integrated Management Controller Supervisor | >=4.0.0.0<4.0\(2f\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-1908.
What is the severity of CVE-2019-1908?
The severity of CVE-2019-1908 is high with a CVSS score of 7.5.
Which software is affected by CVE-2019-1908?
Cisco Unified Computing System 4.0(1c)hs3 and Cisco Integrated Management Controller Supervisor versions 2.0(0.0)-2.0(13o), 3.0(0.0)-3.0(4k), and 4.0(0.0)-4.0(4b) are affected by CVE-2019-1908.
What is the vulnerability in IPMI implementation?
The vulnerability is due to insufficient security restrictions imposed by the IPMI implementation of Cisco Integrated Management Controller (IMC).
How can an attacker exploit CVE-2019-1908?
An unauthenticated, remote attacker can exploit CVE-2019-1908 to view sensitive system information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco unified computing system
- version/cisco unified computing system/4.0\(1c\)hs3
- canonical/cisco integrated management controller supervisor
- version/cisco integrated management controller supervisor/2.0.0.0
- version/cisco integrated management controller supervisor/3.0.0.0
- version/cisco integrated management controller supervisor/4.0.0.0
- canonical/cisco ucs c125 m5
- canonical/cisco ucs c4200
- canonical/cisco ucs s3260