cnvd - cnvd-2019-42593

cnvd-2019-42593

Vulnerability from cnvd

Title: Cisco Integrated Management Controller Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data输入验证错误漏洞

Description:

Cisco Integrated Management Controller (IMC) Supervisor等都是美国思科（Cisco）公司的产品。Cisco Integrated Management Controller (IMC) Supervisor是一套机架式服务器集中管理系统。Cisco UCS Director是一套私有云基础架构即服务（IaaS）的异构平台。Cisco UCS Director Express for Big Data是一套针对大数据集群的基础架构统一管理平台。

Cisco Integrated Management Controller (IMC) Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data中基于Web的管理界面存在输入验证错误漏洞，该漏洞源于程序未能充分验证用户提交的输入，远程攻击者可通过登录到该管理界面并发送恶意请求利用该漏洞以root用户身份在底层Liunx shell上执行任意命令。

Severity: 高

Patch Name: Cisco Integrated Management Controller Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data输入验证错误漏洞的补丁

Patch Description:

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj

Reference: https://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj

Impacted products

Name
['Cisco UCS Director 6.0', 'Cisco Cisco IMC Supervisor 2.1', 'Cisco Cisco IMC Supervisor >=2.2.0.0，<=2.2.0.6', 'Cisco UCS Director 6.5', 'Cisco UCS Director 6.6.1.0', 'Cisco UCS Director 6.7.0.0', 'Cisco UCS Director 6.7.1.0', 'Cisco UCS Director Express for Big Data 3.0', 'Cisco UCS Director Express for Big Data 3.5', 'Cisco UCS Director Express for Big Data 3.6', 'Cisco UCS Director Express for Big Data 3.7.0.0', 'Cisco UCS Director Express for Big Data 3.7.1.0']

Name

['Cisco UCS Director 6.0', 'Cisco Cisco IMC Supervisor 2.1', 'Cisco Cisco IMC Supervisor >=2.2.0.0，<=2.2.0.6', 'Cisco UCS Director 6.5', 'Cisco UCS Director 6.6.1.0', 'Cisco UCS Director 6.7.0.0', 'Cisco UCS Director 6.7.1.0', 'Cisco UCS Director Express for Big Data 3.0', 'Cisco UCS Director Express for Big Data 3.5', 'Cisco UCS Director Express for Big Data 3.6', 'Cisco UCS Director Express for Big Data 3.7.0.0', 'Cisco UCS Director Express for Big Data 3.7.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1936",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1936"
    }
  },
  "description": "Cisco Integrated Management Controller (IMC) Supervisor\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Integrated Management Controller (IMC) Supervisor\u662f\u4e00\u5957\u673a\u67b6\u5f0f\u670d\u52a1\u5668\u96c6\u4e2d\u7ba1\u7406\u7cfb\u7edf\u3002Cisco UCS Director\u662f\u4e00\u5957\u79c1\u6709\u4e91\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u5f02\u6784\u5e73\u53f0\u3002Cisco UCS Director Express for Big Data\u662f\u4e00\u5957\u9488\u5bf9\u5927\u6570\u636e\u96c6\u7fa4\u7684\u57fa\u7840\u67b6\u6784\u7edf\u4e00\u7ba1\u7406\u5e73\u53f0\u3002\n\nCisco Integrated Management Controller (IMC) Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u4e2d\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u767b\u5f55\u5230\u8be5\u7ba1\u7406\u754c\u9762\u5e76\u53d1\u9001\u6076\u610f\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u7528\u6237\u8eab\u4efd\u5728\u5e95\u5c42Liunx shell\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42593",
  "openTime": "2019-11-28",
  "patchDescription": "Cisco Integrated Management Controller (IMC) Supervisor\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Integrated Management Controller (IMC) Supervisor\u662f\u4e00\u5957\u673a\u67b6\u5f0f\u670d\u52a1\u5668\u96c6\u4e2d\u7ba1\u7406\u7cfb\u7edf\u3002Cisco UCS Director\u662f\u4e00\u5957\u79c1\u6709\u4e91\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u5f02\u6784\u5e73\u53f0\u3002Cisco UCS Director Express for Big Data\u662f\u4e00\u5957\u9488\u5bf9\u5927\u6570\u636e\u96c6\u7fa4\u7684\u57fa\u7840\u67b6\u6784\u7edf\u4e00\u7ba1\u7406\u5e73\u53f0\u3002\r\n\r\nCisco Integrated Management Controller (IMC) Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u4e2d\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u767b\u5f55\u5230\u8be5\u7ba1\u7406\u754c\u9762\u5e76\u53d1\u9001\u6076\u610f\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u7528\u6237\u8eab\u4efd\u5728\u5e95\u5c42Liunx shell\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Integrated Management Controller Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco UCS Director 6.0",
      "Cisco Cisco IMC Supervisor 2.1",
      "Cisco Cisco IMC Supervisor \u003e=2.2.0.0\uff0c\u003c=2.2.0.6",
      "Cisco UCS Director 6.5",
      "Cisco UCS Director 6.6.1.0",
      "Cisco UCS Director 6.7.0.0",
      "Cisco UCS Director 6.7.1.0",
      "Cisco UCS Director Express for Big Data 3.0",
      "Cisco UCS Director Express for Big Data 3.5",
      "Cisco UCS Director Express for Big Data 3.6",
      "Cisco UCS Director Express for Big Data 3.7.0.0",
      "Cisco UCS Director Express for Big Data 3.7.1.0"
    ]
  },
  "referenceLink": "https://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj",
  "serverity": "\u9ad8",
  "submitTime": "2019-08-26",
  "title": "Cisco Integrated Management Controller Supervisor\u3001Cisco UCS Director\u548cCisco UCS Director Express for Big Data\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-1936 (GCVE-0-2019-1936)

Vulnerability from cvelistv5

Published

2019-08-21 18:25

Modified

2024-11-20 17:11

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Summary

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj	vendor-advisory, x_refsource_CISCO
	https://seclists.org/bugtraq/2019/Aug/49	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Aug/36	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Computing System Director	Version: unspecified < 6.7.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:51.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj"
          },
          {
            "name": "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/49"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html"
          },
          {
            "name": "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:52:07.103028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T17:11:20.795Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Computing System Director",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.7.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-02T20:06:04",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj"
        },
        {
          "name": "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/49"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html"
        },
        {
          "name": "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190821-imcs-ucs-cmdinj",
        "defect": [
          [
            "CSCvp19245"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-08-21T16:00:00-0700",
          "ID": "CVE-2019-1936",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Computing System Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.7.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.2",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190821 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj"
            },
            {
              "name": "20190828 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/49"
            },
            {
              "name": "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html"
            },
            {
              "name": "20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/36"
            },
            {
              "name": "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190821-imcs-ucs-cmdinj",
          "defect": [
            [
              "CSCvp19245"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1936",
    "datePublished": "2019-08-21T18:25:18.494376Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-20T17:11:20.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted