PT-2019-3020 · Cisco · Cisco UCS Director +2

Published: 2019-08-21 · Updated: 2023-03-31 · CVE-2019-1935

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Integrated Management Controller (IMC) Supervisor versions (affected versions not specified)
Cisco UCS Director versions (affected versions not specified)
Cisco UCS Director Express for Big Data versions (affected versions not specified)

Description

The issue is related to the presence of a default account with an undocumented default password and incorrect permission settings. This could allow a remote attacker to log in to the command-line interface of an affected system with administrator privileges. The attacker could exploit this by using the scpuser account to log in and execute arbitrary commands, potentially gaining full read and write access to the system's database.

Recommendations

For Cisco Integrated Management Controller (IMC) Supervisor, change the default password for the scpuser account and correct the permission settings to prevent unauthorized access.
For Cisco UCS Director, change the default password for the scpuser account and correct the permission settings to prevent unauthorized access.
For Cisco UCS Director Express for Big Data, change the default password for the scpuser account and correct the permission settings to prevent unauthorized access.
As a temporary workaround, consider disabling the scpuser account until a patch is available to prevent exploitation.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2019-02999
CVE-2019-1935

Affected Products

Cisco Integrated Management Controller (IMC) Supervisor
Cisco UCS Director
Cisco UCS Director Express for Big Data