CVE-2019-12634

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) Supervisor versions (affected versions not specified) Cisco UCS Director versions (affected versions not specified) Cisco UCS Director Express for Big Data versions (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a missing authentication check in an API call. This could cause all currently authenticated users to be logged off, and repeated exploitation could lead to the inability to maintain a session in the web-based management portal.

Recommendations For Cisco Integrated Management Controller (IMC) Supervisor, consider restricting access to the web-based management interface until a fix is available. For Cisco UCS Director, restrict access to the API call with the missing authentication check to minimize the risk of exploitation. For Cisco UCS Director Express for Big Data, avoid using the web-based management portal until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.