Lucene search

CiscoCVELIST:CVE-2019-1863

HistoryAug 21, 2019 - 12:00 a.m.

CVE-2019-1863 Cisco Integrated Management Controller Privilege Escalation Vulnerability

2019-08-2100:00:00

CWE-285

cisco

www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.

CNA Affected

[
  {
    "product": "Cisco Unified Computing System E-Series Software (UCSE) ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "2.0(13o)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for CVELIST:CVE-2019-1863