Vulnerability Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Integrated Management Controller Supervisor | >= 2.2.0.3, <= 2.2.0.6 |
| Cisco | Ucs Director | >= 6.7.0.0, <= 6.7.2.0 |
| Cisco | Ucs Director Express For Big Data | >= 3.7.0.0, <= 3.7.2.0 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-12634?
CVE-2019-12634 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthe...
How severe is CVE-2019-12634?
CVE-2019-12634 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12634?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Integrated Management Controller Supervisor, Cisco Ucs Director, Cisco Ucs Director Express For Big Data.