← Voltar para CVEs

CVE-2019-1627

MEDIUM

6.5

Descricao

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.

Detalhes CVE

Pontuacao CVSS v3.16.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado6/20/2019

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

cisco:integrated_management_controllercisco:unified_computing_system

Fraquezas (CWE)

CWE-78CWE-312

Referencias

http://www.securityfocus.com/bid/108847(psirt@cisco.com)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl(psirt@cisco.com)

http://www.securityfocus.com/bid/108847(af854a3a-2127-422b-91ae-364da2661108)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.