CVE-2019-1974

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) Supervisor versions (affected versions not specified) Cisco UCS Director versions (affected versions not specified) Cisco UCS Director Express for Big Data versions (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The issue is due to insufficient request header validation during the authentication process. An attacker could exploit this by sending a series of malicious requests to an affected device, potentially gaining full administrative access.

Recommendations For Cisco Integrated Management Controller (IMC) Supervisor, consider temporarily restricting access to the web-based management interface until a patch is available. For Cisco UCS Director, restrict access to the authentication process to minimize the risk of exploitation. For Cisco UCS Director Express for Big Data, avoid using the vulnerable authentication mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.