← Retour aux CVEs
CVE-2019-1627
MEDIUM6.5
Description
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie6/20/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
cisco:integrated_management_controllercisco:unified_computing_system
Faiblesses (CWE)
CWE-78CWE-312
References
http://www.securityfocus.com/bid/108847(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl(psirt@cisco.com)
http://www.securityfocus.com/bid/108847(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.