How severe is CVE-2019-1974?

CVE-2019-1974 has a severity value of 9.8, which is considered critical.

What is the affected software for CVE-2019-1974?

The affected software includes Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.

How can an attacker exploit CVE-2019-1974?

An attacker can exploit CVE-2019-1974 by bypassing user authentication and gaining access as an administrative user.

Where can I find more information about CVE-2019-1974?

You can find more information about CVE-2019-1974 on the Cisco Security Advisory website.

Vulnerability/
CVE-2019-1974

critical

CWE

287

21/8/2019

16/9/2024

CVE-2019-1974: Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability

Q: What is CVE-2019-1974?

CVE-2019-1974 is a vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.

First published: Wed Aug 21 2019(Updated: )

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Integrated Management Controller Supervisor	>=2.2.0.0<=2.2.0.6
Cisco Integrated Management Controller Supervisor	=2.1.0.0
Cisco UCS Director	>=5.5.0.0<=5.5.0.2
Cisco UCS Director	>=6.0.0.0<=6.0.1.3
Cisco UCS Director	>=6.5.0.0<=6.5.0.3
Cisco UCS Director	>=6.6.0.0<=6.6.1.0
Cisco UCS Director	>=6.7.0.0<=6.7.2.0
Cisco UCS Director	=6.7\(1.1\)
Cisco UCS Director	=6.7\(2.0\)
Cisco UCS Director Express for Big Data	>=2.1.0.0<=2.1.0.2
Cisco UCS Director Express for Big Data	>=3.0.0.0<=3.0.1.3
Cisco UCS Director Express for Big Data	>=3.5.0.0<=3.5.0.3
Cisco UCS Director Express for Big Data	>=3.7.0.0<=3.7.2.0
Cisco UCS Director Express for Big Data	=3.6.0.0
Cisco UCS Director Express for Big Data	=3.6.1.0

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass

Frequently Asked Questions

What is CVE-2019-1974?
CVE-2019-1974 is a vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.
How severe is CVE-2019-1974?
CVE-2019-1974 has a severity value of 9.8, which is considered critical.
What is the affected software for CVE-2019-1974?
The affected software includes Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.
How can an attacker exploit CVE-2019-1974?
An attacker can exploit CVE-2019-1974 by bypassing user authentication and gaining access as an administrative user.
Where can I find more information about CVE-2019-1974?
You can find more information about CVE-2019-1974 on the Cisco Security Advisory website.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/weakness
agent/title
agent/last-modified-date
agent/author
agent/first-publish-date
agent/tags
agent/description
agent/event
vendor/cisco
canonical/cisco integrated management controller supervisor
version/cisco integrated management controller supervisor/2.2.0.0
version/cisco integrated management controller supervisor/2.2.0.6
version/cisco integrated management controller supervisor/2.1.0.0
canonical/cisco ucs director
version/cisco ucs director/5.5.0.0
version/cisco ucs director/5.5.0.2
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7\(1.1\)
version/cisco ucs director/6.7\(2.0\)
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/2.1.0.0
version/cisco ucs director express for big data/2.1.0.2
version/cisco ucs director express for big data/3.0.0.0
version/cisco ucs director express for big data/3.0.1.3
version/cisco ucs director express for big data/3.5.0.0
version/cisco ucs director express for big data/3.5.0.3
version/cisco ucs director express for big data/3.7.0.0
version/cisco ucs director express for big data/3.7.2.0
version/cisco ucs director express for big data/3.6.0.0
version/cisco ucs director express for big data/3.6.1.0

CVE-2019-1974: Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-1974?

How severe is CVE-2019-1974?

What is the affected software for CVE-2019-1974?

How can an attacker exploit CVE-2019-1974?

Where can I find more information about CVE-2019-1974?

Company

Resources

Contact