CVE-2019-1907 is a vulnerability in Cisco Unified Computing System
Published on August 21, 2019
Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2019-1907 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2019-1907
Want to know whenever a new CVE is published for Cisco Unified Computing System? stack.watch will email you.
Affected Versions
Cisco Unified Computing System (Management Software):- Version unspecified and below 4.0(2f) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.