CVE-2019-1863 is a vulnerability in Cisco Unified Computing System
Published on August 21, 2019
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2019-1863 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2019-1863
Want to know whenever a new CVE is published for Cisco Unified Computing System? stack.watch will email you.
Affected Versions
Cisco Unified Computing System E-Series Software (UCSE):- Version unspecified and below 2.0(13o) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.