Skip to main content

Integrated Management Controller CVE-2019-1630

MEDIUM
Buffer Overflow (CWE-119)
2019-06-20 psirt@cisco.com
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 20, 2019 - 03:15 nvd
MEDIUM 5.5

DescriptionNVD

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system.

AnalysisAI

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system. Affected products include: Cisco Integrated Management Controller, Cisco Unified Computing System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2020-3470 CRITICAL
9.8 Nov 18

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthentic

CVE-2018-15447 CRITICAL
9.8 Nov 08

A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unau

CVE-2020-3371 HIGH
8.8 Nov 06

A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attac

CVE-2019-1632 HIGH
8.0 Jun 20

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an aut

CVE-2019-1879 MEDIUM
6.7 Jun 20

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker

CVE-2019-1627 MEDIUM
6.5 Jun 20

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, re

CVE-2021-1397 MEDIUM
6.1 May 06

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1628 MEDIUM
5.5 Jun 20

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local at

CVE-2014-3348 MEDIUM
5.0 Sep 10

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series

CVE-2019-1631 MEDIUM
5.3 Jun 20

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an una

CVE-2019-1629 MEDIUM
5.3 Jun 20

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unaut

Share

CVE-2019-1630 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy