The vulnerability of the Supervisor component of the Cisco Integrated Management Controller (IMC), as well as the physical infrastructure management tools and Cisco UCS Director and Cisco UCS Director Express for Big Data virtual environments, is related to the existence of a standard account with an undocumented password and incorrect access rights settings for this account. This allows an attacker to gain access to the command-line interface of the target system with administrator privileges.

Cisco IMC Supervisor tools expose a standard account with an undocumented password, enabling admin command line access.

Reporter	Title	Published	Views	Family All 18
0day.today	Cisco UCS Director, Cisco Integrated Management Controller Supervisor - Multiple Vulnerabilities	29 Aug 201900:00	–	zdt
0day.today	Cisco UCS Director Default scpuser Password Exploit	2 Sep 201900:00	–	zdt
Circl	CVE-2019-1935	2 Sep 201915:56	–	circl
Cisco	Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability	21 Aug 201916:00	–	cisco
Tenable Nessus	Cisco UCS Director SCP User Default Credentials (cisco-sa-20190821-imcs-usercred)	11 Dec 201900:00	–	nessus
CNVD	Cisco Integrated Management Controller Supervisor, Cisco UCS Director and Cisco UCS Director Express for Big Data Trust Management Issue Vulnerabilities	26 Aug 201900:00	–	cnvd
CVE	CVE-2019-1935	21 Aug 201918:25	–	cve
Cvelist	CVE-2019-1935 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability	21 Aug 201918:25	–	cvelist
Exploit DB	Cisco UCS Director - default scpuser password (Metasploit)	3 Sep 201900:00	–	exploitdb
exploitpack	Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities	21 Aug 201900:00	–	exploitpack