fkie_cve-2019-1627
Vulnerability from fkie_nvd
Published
2019-06-20 03:15
Modified
2024-11-21 04:36
Severity ?
Summary
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108847 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108847 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | integrated_management_controller | - | |
cisco | unified_computing_system | 4.0\(1c\)hs3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:integrated_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ED6DD88-BC2C-41F6-B78A-3786817A73D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", "matchCriteriaId": "39F8601E-730B-489B-AD2A-FD10FAF28595", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges." }, { "lang": "es", "value": "Una vulnerabilidad en las Utilidades del Servidor de Integrated Management Controller (IMC) de Cisco, podr\u00eda permitir a un atacante remoto autenticado lograr acceso no autorizado a informaci\u00f3n confidencial del usuario a partir de los datos de configuraci\u00f3n almacenados en el sistema afectado. Una vulnerabilidad es debido a una protecci\u00f3n insuficiente de los datos en el archivo de configuraci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad al descargar el archivo de configuraci\u00f3n. Una vulnerabilidad podr\u00eda permitirle al atacante utilizar la informaci\u00f3n confidencial del archivo para elevar sus privilegios." } ], "id": "CVE-2019-1627", "lastModified": "2024-11-21T04:36:57.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@cisco.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-20T03:15:11.480", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108847" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "psirt@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…