ID CVE-2019-1627
Summary A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:integrated_management_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_computing_system:4.0\(1c\)hs3:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 06-10-2020 - 19:54)
Impact:
Exploitability:
CWE CWE-312
CAPEC
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 108847
cisco 20190619 Cisco Integrated Management Controller Information Disclosure Vulnerability
Last major update 06-10-2020 - 19:54
Published 20-06-2019 - 03:15
Last modified 06-10-2020 - 19:54