CVE-2019-16003

Name of the Vulnerable Software and Affected Versions Cisco UCS Director (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to download system log files from an affected device. The issue is due to a problem in the authentication logic of the web-based management interface. An attacker could exploit this by sending a crafted request to the web interface, potentially allowing them to download log files if they were previously generated by an administrator. The vulnerability is related to the lack of authentication for a critical function, which could enable a remote attacker to disclose protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.