Vulnerability Description
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | 4.0\(1c\)hs3 |
| Cisco | Integrated Management Controller Supervisor | >= 4.0.0.0, < 4.0\(2f\) |
| Cisco | Ucs C125 M5 | - |
| Cisco | Ucs C4200 | - |
| Cisco | Ucs S3260 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1900?
CVE-2019-1900 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service ...
How severe is CVE-2019-1900?
CVE-2019-1900 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1900?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System, Cisco Integrated Management Controller Supervisor, Cisco Ucs C125 M5, Cisco Ucs C4200, Cisco Ucs S3260.