Skip to main content

Unified Computing System CVE-2019-1900

HIGH
NULL Pointer Dereference (CWE-476)
2019-08-21 psirt@cisco.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 21, 2019 - 19:15 nvd
HIGH 7.5

DescriptionNVD

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.

AnalysisAI

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart. Affected products include: Cisco Unified Computing System, Cisco Integrated Management Controller Supervisor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2015-6435 CRITICAL POC
9.8 Jan 22

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS)

CVE-2021-1368 HIGH
8.8 Feb 24

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software coul

CVE-2019-1907 HIGH
8.8 Aug 21

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote a

CVE-2019-1865 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1864 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0431 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0430 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2015-0718 HIGH
7.5 Mar 03

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) p

CVE-2012-4078 HIGH
8.5 Sep 24

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape se

CVE-2021-1387 HIGH
8.6 Feb 24

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a

CVE-2019-1863 HIGH
8.1 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1632 HIGH
8.0 Jun 20

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an aut

Share

CVE-2019-1900 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy