Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1938
HistoryAug 21, 2019 - 7:15 p.m.

CVE-2019-1938

2019-08-2119:15:15
CWE-287
[email protected]
web.nvd.nist.gov
28
vulnerability
cisco
ucs director
ucs director express
big data
bypass authentication
remote attacker
administrator privileges
nvd
cve-2019-1938

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.7%

JSON

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Affected configurations

NVD
Node
ciscoucs_directorMatch6.7.0.0
OR
ciscoucs_directorMatch6.7.1.0
Node
ciscoucs_director_express_for_big_dataMatch3.7.0.0
OR
ciscoucs_director_express_for_big_dataMatch3.7.1.0

CNA Affected

[
  {
    "product": "Cisco Unified Computing System Director ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.7.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nessus 1
cisco 1
nvd 1
threatpost 1
cvelist
cvelist
CVE-2019-1938 Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
2019-08-21 00:00:00
prion
prion
Authentication flaw
2019-08-21 19:15:00
nessus
nessus
Cisco UCS Director Authentication Bypass (cisco-sa-20190821-ucsd-authbypass)
2019-08-23 00:00:00
cisco
cisco
Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
2019-08-21 16:00:00
nvd
nvd
CVE-2019-1938
2019-08-21 19:15:15
threatpost
threatpost
Cisco Patches Six Critical Bugs in UCS Gear and Switches
2019-08-21 17:38:24

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.7%

JSON
Related for CVE-2019-1938
cvelist1prion1nessus1cisco1nvd1threatpost1