PT-2019-3022 · Cisco · Cisco UCS Director +2

Published: 2019-08-21 · Updated: 2023-11-03 · CVE-2019-1937

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cisco Integrated Management Controller (IMC) Supervisor (affected versions not specified)
Cisco UCS Director (affected versions not specified)
Cisco UCS Director Express for Big Data (affected versions not specified)

Description

A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The issue is due to insufficient validation of request headers during the authentication process. An attacker could exploit this by sending a series of malicious requests to an affected device, potentially gaining full administrator access.

Recommendations

For Cisco Integrated Management Controller (IMC) Supervisor, update to a version that includes the fix for this issue.
For Cisco UCS Director, apply the recommended configuration changes to mitigate the risk of exploitation.
For Cisco UCS Director Express for Big Data, restrict access to the vulnerable web-based management interface until a patch is available.
As a temporary workaround, consider disabling the authentication process until a patch is available.
Restrict access to the affected devices to minimize the risk of exploitation.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2019-03001
CVE-2019-1937

Affected Products

Cisco Integrated Management Controller (IMC) Supervisor
Cisco UCS Director
Cisco UCS Director Express for Big Data