cisco integrated-management-controller-supervisor CVE-2019-12634 vulnerability in Cisco Products
Published on August 21, 2019

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.

Vendor Advisory NVD

Weakness Type

Permissions, Privileges, and Access Controls

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.


Products Associated with CVE-2019-12634

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12634 are published in these products:

Cisco Integrated Management Controller Supervisor
 
Cisco Ucs Director
 
Cisco Ucs Director Express Big Data
 
Cisco Unified Computing System Director
 

Affected Versions

Cisco Unified Computing System Director:

Exploit Probability

EPSS
2.33%
Percentile
84.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.